oss-sec mailing list archives

qemu-bridge-helper minimizing patch


From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 16 Jul 2014 12:06:27 +0200

Hi,

For the qemu-bridge-helper which is part of qemu and meant
to run as suid root, I removed a lot of dependencies with
this patch:

http://bugzillafiles.novell.org/attachment.cgi?id=598793

It was linked against the whole set of qemu libs before,
so very good chance to exploit the suid via one of the
more than 50 libs' init code.
It also fixes a minor theoretical issue to be on the safe side:
dropping uid to user once work has been done but before sending
the fd across a UNIX socket.

I don't think that there is a CVE required for any of this (unless
someone manages to make an exploit for one of the dependency-libs
that were loaded before).

If someone from RH could bring this upstream, it would be very
helpful. Last time I tried committing a fix for ivshmem I just
got reverse-blaming.

Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
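The privilege-drop-before-handoff sequence the post describes, as an added C example (not Sebastian's patch and not qemu's own code): the helper does its privileged work first, permanently drops root to the invoking user, and only then passes the descriptor to the unprivileged peer over a UNIX socket with SCM_RIGHTS, so the fd-passing code runs without root. The function names (drop_privileges, send_fd, recv_fd, helper_handoff, make_sample_file, demo_handoff) and the sample file that stands in for the tap device are constructed for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop root to the real (invoking) uid/gid. No-op when the
 * process is not running with an effective uid of 0, or when the real
 * uid is itself 0 (nothing weaker to drop to). */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (geteuid() != 0 || ruid == 0)
        return 0;
    if (setresgid(rgid, rgid, rgid) < 0 || setresuid(ruid, ruid, ruid) < 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    return setuid(0) == 0 ? -1 : 0;
}

/* Send one descriptor over a UNIX-domain socket via SCM_RIGHTS. */
static int send_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new fd or -1 if the control
 * message is missing or malformed. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Helper side: privileged work, then drop, then hand the fd over. The
 * open() of a plain file stands in for opening the tap device. */
static int helper_handoff(int sock, const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_privileges() < 0) {   /* drop root BEFORE talking to the peer */
        close(fd);
        return -1;
    }
    int rc = send_fd(sock, fd);
    close(fd);                      /* our copy; the peer now owns it */
    return rc;
}

/* Constructed sample: a temp file whose contents stand in for the tap. */
static const char *make_sample_file(void)
{
    static char path[32];
    strcpy(path, "/tmp/bridge-demo-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0)
        return NULL;
    const char body[] = "tap0 ready\n";        /* 11 bytes */
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1)) {
        close(fd);
        return NULL;
    }
    close(fd);
    return path;
}

/* Run the handoff over a socketpair in one process; returns the number of
 * bytes readable through the received descriptor, or -1 on failure. */
static long demo_handoff(const char *path)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int rc = helper_handoff(sv[0], path);
    int fd = rc < 0 ? -1 : recv_fd(sv[1]);
    close(sv[0]);
    close(sv[1]);
    if (fd < 0)
        return -1;
    char buf[64];
    long n = read(fd, buf, sizeof buf);
    close(fd);
    return n;
}

int main(void)
{
    printf("received %ld bytes via passed fd\n", demo_handoff(make_sample_file()));
    return 0;
}
```

Run as an ordinary user the drop is a no-op and the handoff still succeeds; installed suid root it would drop to the invoking user before sendmsg(), which is the ordering the patch enforces.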

