qemu-e2k/tools/virtiofsd
Dr. David Alan Gilbert e586edcb41 virtiofs: drop remapped security.capability xattr as needed
On Linux, the 'security.capability' xattr holds a set of
capabilities that can change when an executable is run, giving
a limited form of privilege escalation to those programs that
the writer of the file deemed worthy.

Any write causes the 'security.capability' xattr to be dropped,
stopping anyone from gaining privilege by modifying a blessed
file.

Fuse relies on the daemon to do this dropping, and in turn the
daemon relies on the host kernel to drop the xattr for it.  However,
with the addition of -o xattrmap, the xattr that the guest
stores its capabilities in is now not the same as the one that
the host kernel automatically clears.

Where the mapping changes 'security.capability', explicitly clear
the remapped name to preserve the same behaviour.

This bug is assigned CVE-2021-20263.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
2021-03-04 10:26:16 +00:00
..
50-qemu-virtiofsd.json.in
buffer.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_common.h viriofsd: Add support for FUSE_HANDLE_KILLPRIV_V2 2021-02-16 17:03:09 +00:00
fuse_i.h
fuse_log.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_log.h Clean up includes 2020-12-10 17:16:44 +01:00
fuse_lowlevel.c virtiofsd: Do not use a thread pool by default 2021-02-16 17:54:18 +00:00
fuse_lowlevel.h viriofsd: Add support for FUSE_HANDLE_KILLPRIV_V2 2021-02-16 17:03:09 +00:00
fuse_misc.h Clean up includes 2020-12-10 17:16:44 +01:00
fuse_opt.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_opt.h
fuse_signals.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_virtio.c virtiofsd: vu_dispatch locking should never fail 2021-02-16 17:03:09 +00:00
fuse_virtio.h
helper.c Clean up includes 2020-12-10 17:16:44 +01:00
meson.build
passthrough_helpers.h
passthrough_ll.c virtiofs: drop remapped security.capability xattr as needed 2021-03-04 10:26:16 +00:00
passthrough_seccomp.c tools/virtiofsd: Replace the word 'whitelist' 2021-02-16 17:03:09 +00:00
passthrough_seccomp.h Clean up includes 2020-12-10 17:16:44 +01:00