Block all use of libvirt.so in setuid programs

Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/src/libvirt.c b/src/libvirt.c
index 96d8fdca39377b722606ff03f8e8649312a4a3c4..d76e537c7f6cd6eb3497bd65ce33db2cc484643b 100644 (file)
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -409,6 +409,14 @@ virGlobalInit(void)
         virErrorInitialize() < 0)
         goto error;
 
+#ifndef IN_VIRT_LOGIN_SHELL
+    if (virIsSUID()) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("libvirt.so is not safe to use from setuid programs"));
+        goto error;
+    }
+#endif
+
 #ifdef WITH_GNUTLS_GCRYPT
     /*
      * This sequence of API calls it copied exactly from