restrict monitor API to Sys.Modify for most commands

because these allow adding arbitrary devices to VMs (and
other potentially dangerous things).

whitelist 'info *' and 'help' as usable with just
VM.Monitor; if more are desired and requested, they can be
added later.
Fabian Grünbichler 2016-11-23 09:17:07 +01:00 committed by Dietmar Maurer
parent cad05dcfaa
commit a8f2f42714


@ -2796,6 +2796,7 @@ __PACKAGE__->register_method({
proxyto => 'node', proxyto => 'node',
description => "Execute Qemu monitor commands.", description => "Execute Qemu monitor commands.",
permissions => { permissions => {
description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
}, },
parameters => { parameters => {
@ -2813,6 +2814,18 @@ __PACKAGE__->register_method({
code => sub { code => sub {
my ($param) = @_; my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $is_ro = sub {
my $command = shift;
return $command =~ m/^\s*info(\s+|$)/
|| $command =~ m/^\s*help\s*$/;
};
$rpcenv->check_full($authuser, "/", ['Sys.Modify'])
if !&$is_ro($param->{command});
my $vmid = $param->{vmid}; my $vmid = $param->{vmid};
my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
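Review bot: The read-only test in `$is_ro` only checks how the command string begins, so anything after `info` plus whitespace reaches the monitor for a caller holding just VM.Monitor, and `\s` together with a `$` that is not `\z` lets line breaks through. Whether the monitor treats an embedded newline as a command separator is not visible in this hunk, so it is safer to refuse it here: `return $command !~ m/[\r\n]/ && $command =~ m/\A\s*(?:info(?:\s|\z)|help\s*\z)/;`. A comment above the closure should state that this allowlist is the only boundary between VM.Monitor and Sys.Modify, and that a new entry must be confirmed to be side-effect free before it is added. As a style point, `$is_ro->($param->{command})` is preferable to `&$is_ro(...)`. The `code` sub continues past the end of the hunk.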