[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
From: |
Michael S. Tsirkin |
Subject: |
Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes |
Date: |
Tue, 30 Aug 2016 21:19:57 +0300 |
On Tue, Aug 30, 2016 at 07:10:47PM +0200, Greg Kurz wrote:
> As reported by Felix Wilhelm, at various places in 9pfs, full paths are
> created by concatenating a guest originated string to the export path. A
> malicious guest could forge a relative path and access files outside the
> export path.
>
> A tentative fix was sent recently by Prasad J Pandit, but it was only
> focused on the local backend and did not get a positive review. This series
> tries to address the issue more globally, based on the official 9P spec.
>
> I wasn't running the TUXERA test suite correctly and overlooked a failure
> with symbolic links (thanks Aneesh for your assistance). This v4 is basically
> the same as v3 with a change in patch 1/3.
Looks good to me.
Reviewed-by: Michael S. Tsirkin <address@hidden>
> ---
>
> Greg Kurz (3):
> 9pfs: forbid illegal path names
> 9pfs: forbid . and .. in file names
> 9pfs: handle walk of ".." in the root directory
>
>
> hw/9pfs/9p.c | 147
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
> hw/9pfs/9p.h | 1
> 2 files changed, 139 insertions(+), 9 deletions(-)
>
> --
> Greg