diff options
author | emellor@leeni.uk.xensource.com <emellor@leeni.uk.xensource.com> | 2006-03-31 00:13:33 +0100 |
---|---|---|
committer | emellor@leeni.uk.xensource.com <emellor@leeni.uk.xensource.com> | 2006-03-31 00:13:33 +0100 |
commit | 8d3271b7cc8050da140660c97cbdeed9d8c4768e (patch) | |
tree | 700bed2e50d93abc85dfe8960c96fc9d80540dc5 | |
parent | 7a6ee342c3327ed47c87fd52252e8930f3e5b097 (diff) | |
download | xen-8d3271b7cc8050da140660c97cbdeed9d8c4768e.tar.gz xen-8d3271b7cc8050da140660c97cbdeed9d8c4768e.tar.bz2 xen-8d3271b7cc8050da140660c97cbdeed9d8c4768e.zip |
Set the permissions correctly on the XML-RPC UDP socket, so that non-root users
cannot use the socket.
This closes a security hole, and fixes the intermittent failure
of xm-test/06_list_nonroot.test.
c.f. xen-unstable changeset 9205:faa1eb1621b9 (same bug, different socket).
Signed-off-by: Ewan Mellor <ewan@xensource.com>
-rw-r--r-- | tools/python/xen/util/xmlrpclib2.py | 13 | ||||
-rw-r--r-- | tools/python/xen/xend/XendClient.py | 4 |
2 files changed, 10 insertions, 7 deletions
diff --git a/tools/python/xen/util/xmlrpclib2.py b/tools/python/xen/util/xmlrpclib2.py index 214a678fac..c0f769f6f2 100644 --- a/tools/python/xen/util/xmlrpclib2.py +++ b/tools/python/xen/util/xmlrpclib2.py @@ -23,7 +23,7 @@ An enhanced XML-RPC client/server interface for Python. from httplib import HTTPConnection, HTTP from xmlrpclib import Transport from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler -import xmlrpclib, socket, os +import xmlrpclib, socket, os, stat import SocketServer import xen.xend.XendClient @@ -105,10 +105,13 @@ class UnixXMLRPCServer(TCPXMLRPCServer): address_family = socket.AF_UNIX def __init__(self, addr, logRequests): - if self.allow_reuse_address: - try: + parent = os.path.dirname(addr) + if os.path.exists(parent): + os.chown(parent, os.geteuid(), os.getegid()) + os.chmod(parent, stat.S_IRWXU) + if self.allow_reuse_address and os.path.exists(addr): os.unlink(addr) - except OSError, exc: - pass + else: + os.makedirs(parent, stat.S_IRWXU) TCPXMLRPCServer.__init__(self, addr, UnixXMLRPCRequestHandler, logRequests) diff --git a/tools/python/xen/xend/XendClient.py b/tools/python/xen/xend/XendClient.py index 974f4b7121..fb9974aa5a 100644 --- a/tools/python/xen/xend/XendClient.py +++ b/tools/python/xen/xend/XendClient.py @@ -19,10 +19,10 @@ from xen.util.xmlrpclib2 import ServerProxy -XML_RPC_SOCKET = "/var/run/xend-xmlrpc.sock" +XML_RPC_SOCKET = "/var/run/xend/xmlrpc.sock" ERROR_INTERNAL = 1 ERROR_GENERIC = 2 ERROR_INVALID_DOMAIN = 3 -server = ServerProxy('httpu:///var/run/xend-xmlrpc.sock') +server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock') |