qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] 9pfs: local: forbid client access to metadata (


From: Greg Kurz
Subject: Re: [Qemu-devel] [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
Date: Mon, 15 May 2017 20:43:45 +0200

On Mon, 15 May 2017 12:37:08 -0500
Eric Blake <address@hidden> wrote:

> On 05/15/2017 11:07 AM, Greg Kurz wrote:
> > When using the mapped-file security mode, we shouldn't let the client mess
> > with the metadata. The current code already tries to hide the metadata dir
> > from the client by skipping it in local_readdir(). But the client can still
> > access or modify it through several other operations. This can be used to
> > escalate privileges in the guest.
> > 
> > Affected backend operations are:
> > - local_mknod()
> > - local_mkdir()
> > - local_open2()
> > - local_symlink()
> > - local_link()
> > - local_unlinkat()
> > - local_renameat()
> > - local_rename()
> > - local_name_to_path()
> > 
> > Other operations are safe because they are only passed a fid path, which
> > is computed internally in local_name_to_path().
> > 
> > This patch converts all the functions listed above to fail and return
> > EINVAL when being passed the name of the metadata dir. This may look
> > like a poor choice for errno, but there's no such thing as an illegal
> > path name on Linux and I could not think of anything better.
> > 
> > This fixes CVE-2017-7493.
> > 
> > Reported-by: Leo Gaspard <address@hidden>
> > Signed-off-by: Greg Kurz <address@hidden>
> > ---  
> 
> Reviewed-by: Eric Blake <address@hidden>
> 

Thanks again for your help.

Cheers,

--
Greg

Attachment: pgpdMHoEhR2_V.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]