ia64/xen-unstable

changeset 9543:53ded2201b7f

Set the permissions correctly on the XML-RPC UDP socket, so that non-root users
cannot use the socket.

This closes a security hole, and fixes the intermittent failure
of xm-test/06_list_nonroot.test.

c.f. xen-unstable changeset 9205:faa1eb1621b9 (same bug, different socket).

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@leeni.uk.xensource.com
date Fri Mar 31 00:13:33 2006 +0100 (2006-03-31)
parents 601d0229a40e
children 1d0bd5ea2c87
files tools/python/xen/util/xmlrpclib2.py tools/python/xen/xend/XendClient.py
line diff
     1.1 --- a/tools/python/xen/util/xmlrpclib2.py	Fri Mar 31 00:10:54 2006 +0100
     1.2 +++ b/tools/python/xen/util/xmlrpclib2.py	Fri Mar 31 00:13:33 2006 +0100
     1.3 @@ -23,7 +23,7 @@ An enhanced XML-RPC client/server interf
     1.4  from httplib import HTTPConnection, HTTP
     1.5  from xmlrpclib import Transport
     1.6  from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
     1.7 -import xmlrpclib, socket, os
     1.8 +import xmlrpclib, socket, os, stat
     1.9  import SocketServer
    1.10  
    1.11  import xen.xend.XendClient
    1.12 @@ -105,10 +105,13 @@ class UnixXMLRPCServer(TCPXMLRPCServer):
    1.13      address_family = socket.AF_UNIX
    1.14  
    1.15      def __init__(self, addr, logRequests):
    1.16 -        if self.allow_reuse_address:
    1.17 -            try:
    1.18 +        parent = os.path.dirname(addr)
    1.19 +        if os.path.exists(parent):
    1.20 +            os.chown(parent, os.geteuid(), os.getegid())
    1.21 +            os.chmod(parent, stat.S_IRWXU)
    1.22 +            if self.allow_reuse_address and os.path.exists(addr):
    1.23                  os.unlink(addr)
    1.24 -            except OSError, exc:
    1.25 -                pass
    1.26 +        else:
    1.27 +            os.makedirs(parent, stat.S_IRWXU)
    1.28          TCPXMLRPCServer.__init__(self, addr, UnixXMLRPCRequestHandler,
    1.29                                   logRequests)
     2.1 --- a/tools/python/xen/xend/XendClient.py	Fri Mar 31 00:10:54 2006 +0100
     2.2 +++ b/tools/python/xen/xend/XendClient.py	Fri Mar 31 00:13:33 2006 +0100
     2.3 @@ -19,10 +19,10 @@
     2.4  
     2.5  from xen.util.xmlrpclib2 import ServerProxy
     2.6  
     2.7 -XML_RPC_SOCKET = "/var/run/xend-xmlrpc.sock"
     2.8 +XML_RPC_SOCKET = "/var/run/xend/xmlrpc.sock"
     2.9  
    2.10  ERROR_INTERNAL = 1
    2.11  ERROR_GENERIC = 2
    2.12  ERROR_INVALID_DOMAIN = 3
    2.13  
    2.14 -server = ServerProxy('httpu:///var/run/xend-xmlrpc.sock')
    2.15 +server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock')