Re: [Qemu-devel] [PATCH] security_20040618

[Gianni Tedesco]

On Fri, 2004-06-18 at 11:40 -0700, Tim wrote:
> Updates to this, from the previous version two days ago, include
> additional strcpy replacements, as well as TODO comments pointing out
> unhealthy calls to {m,re}alloc, which don't check for NULL return
> values. (I am not sure how to handle error return codes in most places,
> so just comments for now.)  Also pstrcpy() in vl.c was simplified, but
> should behave exactly the same as before.

In dyngen you need to do:

if ( ptr == NULL )
        error("malloc failed");

error() will never return.

For the other places it depends, but it's ususally quite simple. Why not
have a stab and submit a seperate patch on top of this one?

Also - Abother low hanging fruit may be /tmp file races. You could
probably make sure mkstmp is being used where possible etc.. and/or use
of /tmp files elimated as much as possible.... Or try setup a
$(HOME)/.qemu dir for that stuff. I know QEMU_TMPDIR is checked in vl.c
but the standard TMPDIR probably ought to be aswell if we DO use /tmp.

I mean, if root saves log to /tmp/qemu.log any user on the system may
obliterate any file (ln -s /etc/passwrd /tmp/qemu.log) as /tmp is the
default choice, perhaps root should know better, but maybe we should use
sane defaults like $(HOME)/qemu.log.

If people are interested in janitorial stuff like this, please, go right
ahead :)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

signature.asc
Description: This is a digitally signed message part