mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice
synced 2025-12-27 07:29:32 +00:00
79fffbf95d
The socket name used to communicate between the xpi browser plugin and the spicec was predictable allowing a non priviliged user on the same system to create the socket before spicec does and thus intercept the messages from the xpi to the client, including login credentials. This security vulnerability has been registred with mitre as CVE-2010-2792: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2792 This patch changes the controller code to instead read the socket name from an environment variable which gets set by the xpi before executing the spicec, making the socketname private between the client and the xpi. Note that this means that the controller will only work with an xpi which has matching changes, the changes are present in the latest version of the xpi as available as update for / with RHEL-5.5 and RHEL-6.0 . |
||
|---|---|---|
| client | ||
| common | ||
| python_modules | ||
| server | ||
| tools | ||
| uncrustify_cfg | ||
| .gitignore | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| GITVERSION | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| spice1.proto | ||
| spice_codegen.py | ||
| spice-server.pc.in | ||
| spice.proto | ||
Copyright 2009 Red Hat, Inc. and/or its affiliates. This program and libraries is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, see <http://www.gnu.org/licenses/>.