qrexec: really do not match 'dom0' at '$anyvm', as documented

Design documentation says:
'note string dom0 does not match the $anyvm pattern; all other names do'

This behaviour was broken, because 'is not' in python isn't the same as
string comparison. In theory this could result in some service
erroneously allowed to execute in dom0, but in practice such services are
not installed in dom0 at all, so the only impact was misleading error
message.

Fixes QubesOS/qubes-issues#2031
Reported by @Jeeppler
This commit is contained in:
Marek Marczykowski-Górecki 2016-11-18 02:51:25 +01:00
parent 9b7667c3a5
commit 981a11cee1
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724

View File

@ -70,7 +70,7 @@ def read_policy_file(service_name):
return policy_list return policy_list
def is_match(item, config_term): def is_match(item, config_term):
return (item is not "dom0" and config_term == "$anyvm") or item == config_term return (item != "dom0" and config_term == "$anyvm") or item == config_term
def get_default_policy(): def get_default_policy():
dict={} dict={}