Libvirt Security Notice: LSN-2013-0017
libvirtd daemon crash when reading memory tunables for LXC guest in shutoff status
Lifecycle
| Reported on: |
20131209 |
| Published on: |
20131220 |
| Fixed on: |
20131220 |
Credits
See also
Description
The lxcDomainGetMemoryParameters method in the LXC driver did not check
whether the guest being accessed was running or not. When shutoff there will be
no virCgroupPtr instance associated with the guest. Reading memory tunables
involves calling methods with the virCgroupPtr object as a parameter. This will
lead to a crash accessing a NULL pointer.
Impact
A user who has permission to invoke the virDomainGetMemoryParameters
API against the LXC driver will be able to crash the libvirtd daemon. Access to
this API is granted to any user who connects to the read-only libvirtd UNIX
domain socket. If ACLs are active, access is granted to any user with the
'read' permission on the 'domain' object, which is granted by default to all
users. As a result an unprivileged user will be able to inflict a denial of
service attack on other users of the libvirtd daemon with higher privilege.
Workaround
The impact can be mitigated by blocking access to the read-only
libvirtd UNIX domain socket, with policykit or the 'auth_unix_ro' parameter
in '/etc/libvirt/libvirtd.conf'. If ACLs are active, the 'read' permission
should be removed from any untrusted users. This will not prevent the crash,
but will stop unprivileged users from inflicting the denial of service
on higher privileged users.
Affected product: libvirt
Alternative formats:
[xml] [text]