[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] Set the permissions correctly on the XML-RPC UDP socket, so that non-root users



# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID 53ded2201b7f9737faa4edffd86a870e56b2d704
# Parent  601d0229a40e2de9a3cc3dec9e855d8b56b5a890
Set the permissions correctly on the XML-RPC UDP socket, so that non-root users
cannot use the socket.

This closes a security hole, and fixes the intermittent failure
of xm-test/06_list_nonroot.test.

c.f. xen-unstable changeset 9205:faa1eb1621b9 (same bug, different socket).

Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx>

diff -r 601d0229a40e -r 53ded2201b7f tools/python/xen/util/xmlrpclib2.py
--- a/tools/python/xen/util/xmlrpclib2.py       Thu Mar 30 23:10:54 2006
+++ b/tools/python/xen/util/xmlrpclib2.py       Thu Mar 30 23:13:33 2006
@@ -23,7 +23,7 @@
 from httplib import HTTPConnection, HTTP
 from xmlrpclib import Transport
 from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
-import xmlrpclib, socket, os
+import xmlrpclib, socket, os, stat
 import SocketServer
 
 import xen.xend.XendClient
@@ -105,10 +105,13 @@
     address_family = socket.AF_UNIX
 
     def __init__(self, addr, logRequests):
-        if self.allow_reuse_address:
-            try:
+        parent = os.path.dirname(addr)
+        if os.path.exists(parent):
+            os.chown(parent, os.geteuid(), os.getegid())
+            os.chmod(parent, stat.S_IRWXU)
+            if self.allow_reuse_address and os.path.exists(addr):
                 os.unlink(addr)
-            except OSError, exc:
-                pass
+        else:
+            os.makedirs(parent, stat.S_IRWXU)
         TCPXMLRPCServer.__init__(self, addr, UnixXMLRPCRequestHandler,
                                  logRequests)
diff -r 601d0229a40e -r 53ded2201b7f tools/python/xen/xend/XendClient.py
--- a/tools/python/xen/xend/XendClient.py       Thu Mar 30 23:10:54 2006
+++ b/tools/python/xen/xend/XendClient.py       Thu Mar 30 23:13:33 2006
@@ -19,10 +19,10 @@
 
 from xen.util.xmlrpclib2 import ServerProxy
 
-XML_RPC_SOCKET = "/var/run/xend-xmlrpc.sock"
+XML_RPC_SOCKET = "/var/run/xend/xmlrpc.sock"
 
 ERROR_INTERNAL = 1
 ERROR_GENERIC = 2
 ERROR_INVALID_DOMAIN = 3
 
-server = ServerProxy('httpu:///var/run/xend-xmlrpc.sock')
+server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock')

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.