Bug 1011429
Summary: | CVE-2013-4399 libvirt: libvirtd will be crashed while destroy the guest which has been connected twice by virt-viewer and enable the access-driver in libvirtd.conf [rhel-7.0] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | zhenfeng wang <zhwang> |
Component: | libvirt | Assignee: | Daniel Berrangé <berrange> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.0 | CC: | acathrow, berrange, cwei, dyuan, eblake, mzhan, pmatouse, ydu |
Target Milestone: | rc | Keywords: | Security |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libvirt-1.1.1-9.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-07-30 12:41:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1015214 |
Comment 3
Daniel Berrangé
2013-09-27 15:57:26 UTC
Verify this bug on libvirt-1.1.1-9.el7.x86_64, steps as following 1.enable the access_driver in libvirtd.conf #cat /etc/libvirt/libvirtd.conf access_drivers = [ "polkit" ] 2.prepare a normal guest # virsh list --all Id Name State ---------------------------------------------------- 8 rhel7raw running 3.connect the guest with virt-viewer and disconnect it with ctrl+c # virt-viewer rhel7raw Gtk-Message: Failed to load module "pk-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module" GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. (virt-viewer:14096): GSpice-WARNING **: PulseAudio context failed Connection refused (virt-viewer:14096): GSpice-WARNING **: pa_context_connect() failed: Connection refused (virt-viewer:14096): GSpice-WARNING **: Error connecting to session dbus: /bin/dbus-launch terminated abnormally without any error message (virt-viewer:14096): GSpice-WARNING **: Warning no automount-inhibiting implementation available ^C 3.reconnect the guest with virt-viewer and disconnect it with ctl+c # virt-viewer rhel7raw Gtk-Message: Failed to load module "pk-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module" GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. (virt-viewer:14096): GSpice-WARNING **: PulseAudio context failed Connection refused (virt-viewer:14096): GSpice-WARNING **: pa_context_connect() failed: Connection refused (virt-viewer:14096): GSpice-WARNING **: Error connecting to session dbus: /bin/dbus-launch terminated abnormally without any error message (virt-viewer:14096): GSpice-WARNING **: Warning no automount-inhibiting implementation available ^C 4.destroy the guest #virsh destroy rhel7raw Domain rhel7raw destroyed 5.Check the libvirtd status # ps aux|grep libvirtd root 6777 0.1 0.0 1058292 18340 ? Ssl 11:12 0:00 /usr/sbin/libvirtd root 7451 0.0 0.0 112648 928 pts/0 S+ 11:19 0:00 grep --color=auto libvirtd [root@ibm-x3650m3-07 ~]# service libvirtd status Redirecting to /bin/systemctl status libvirtd.service libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled) Active: active (running) since Thu 2013-10-17 11:12:38 CST; 6min ago Main PID: 6777 (libvirtd) CGroup: name=systemd:/system/libvirtd.service ├─1792 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.... └─6777 /usr/sbin/libvirtd Since the libvirtd wasn't crashed and the guest can be destroyed correctly, so mark this bug verified Fixed in 7.0 GA, closing. |