[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Set the permissions correctly on the XML-RPC UDP socket, so that non-root users
# HG changeset patch # User emellor@xxxxxxxxxxxxxxxxxxxxxx # Node ID 53ded2201b7f9737faa4edffd86a870e56b2d704 # Parent 601d0229a40e2de9a3cc3dec9e855d8b56b5a890 Set the permissions correctly on the XML-RPC UDP socket, so that non-root users cannot use the socket. This closes a security hole, and fixes the intermittent failure of xm-test/06_list_nonroot.test. c.f. xen-unstable changeset 9205:faa1eb1621b9 (same bug, different socket). Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx> diff -r 601d0229a40e -r 53ded2201b7f tools/python/xen/util/xmlrpclib2.py --- a/tools/python/xen/util/xmlrpclib2.py Thu Mar 30 23:10:54 2006 +++ b/tools/python/xen/util/xmlrpclib2.py Thu Mar 30 23:13:33 2006 @@ -23,7 +23,7 @@ from httplib import HTTPConnection, HTTP from xmlrpclib import Transport from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler -import xmlrpclib, socket, os +import xmlrpclib, socket, os, stat import SocketServer import xen.xend.XendClient @@ -105,10 +105,13 @@ address_family = socket.AF_UNIX def __init__(self, addr, logRequests): - if self.allow_reuse_address: - try: + parent = os.path.dirname(addr) + if os.path.exists(parent): + os.chown(parent, os.geteuid(), os.getegid()) + os.chmod(parent, stat.S_IRWXU) + if self.allow_reuse_address and os.path.exists(addr): os.unlink(addr) - except OSError, exc: - pass + else: + os.makedirs(parent, stat.S_IRWXU) TCPXMLRPCServer.__init__(self, addr, UnixXMLRPCRequestHandler, logRequests) diff -r 601d0229a40e -r 53ded2201b7f tools/python/xen/xend/XendClient.py --- a/tools/python/xen/xend/XendClient.py Thu Mar 30 23:10:54 2006 +++ b/tools/python/xen/xend/XendClient.py Thu Mar 30 23:13:33 2006 @@ -19,10 +19,10 @@ from xen.util.xmlrpclib2 import ServerProxy -XML_RPC_SOCKET = "/var/run/xend-xmlrpc.sock" +XML_RPC_SOCKET = "/var/run/xend/xmlrpc.sock" ERROR_INTERNAL = 1 ERROR_GENERIC = 2 ERROR_INVALID_DOMAIN = 3 -server = ServerProxy('httpu:///var/run/xend-xmlrpc.sock') +server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock') _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |