qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 06/29] 9pfs: local: open/opendir: don't follow s

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH 06/29] 9pfs: local: open/opendir: don't follow symlinks
Date: Thu, 23 Feb 2017 13:18:31 +0000
User-agent: Mutt/1.7.1 (2016-10-04) 
On Mon, Feb 20, 2017 at 03:40:07PM +0100, Greg Kurz wrote:
> The local_open() and local_opendir() callbacks are vulnerable to symlink
> attacks because they call:
> 
> (1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
>     the rightmost one
> (2) opendir() which follows symbolic links in all path elements
> 
> This patch converts both callbacks to use new helpers based on
> openat_nofollow() to only open files and directories if they are
> below the virtfs shared folder
> 
> This partly fixes CVE-2016-9602.
> 
> Signed-off-by: Greg Kurz <address@hidden>
> ---
>  hw/9pfs/9p-local.c |   31 +++++++++++++++++++++----------
>  hw/9pfs/9p-local.h |   20 ++++++++++++++++++++
>  2 files changed, 41 insertions(+), 10 deletions(-)
>  create mode 100644 hw/9pfs/9p-local.h

Reviewed-by: Stefan Hajnoczi <address@hidden>

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]