[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file
|
From: |
Leo Gaspard |
|
Subject: |
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode |
|
Date: |
Wed, 24 May 2017 00:59:29 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 |
On 05/23/2017 04:32 PM, Greg Kurz wrote:
> v2: - posted patch for CVE-2017-7493 separately
> - other changes available in each patch changelog
>
> Leo,
>
> If you find time to test this series, I'll gladly add your Tested-by: to
> it before merging.
Just tested with a base of 2.9.0 with patches [1] [2] (from my
distribution), [3] (required to apply cleanly) and this patchset.
Things appear to work as expected, and .virtfs_metadata{,_root} appear
to be neither readable nor writable by any user.
That said, one thing still bothering me with the fix in [3] is that it
still "leaks" the host's uid/gid to the guest when a corresponding file
in .virtfs_metadata is not present (while I'd have expected it to appear
as root:root in the guest), but that's a separate issue, and I guess
retro-compatibility prevents any fixing it.
Thanks for these patches!
Leo
[1]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
[2]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch
[3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
signature.asc
Description: OpenPGP digital signature