qemu-e2k/hw/9pfs
Christian Schoenebeck f6b0de53fb 9pfs: prevent opening special files (CVE-2023-2861)
The 9p protocol does not specifically define how server shall behave when
client tries to open a special file, however from security POV it does
make sense for 9p server to prohibit opening any special file on host side
in general. A sane Linux 9p client for instance would never attempt to
open a special file on host side, it would always handle those exclusively
on its guest side. A malicious client however could potentially escape
from the exported 9p tree by creating and opening a device file on host
side.

With QEMU this could only be exploited in the following unsafe setups:

  - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
    security model.

or

  - Using 9p 'proxy' fs driver (which is running its helper daemon as
    root).

These setups were already discouraged for safety reasons before,
however for obvious reasons we are now tightening behaviour on this.

Fixes: CVE-2023-2861
Reported-by: Yanwu Shen <ywsPlz@gmail.com>
Reported-by: Jietao Xiao <shawtao1125@gmail.com>
Reported-by: Jinku Li <jkli@xidian.edu.cn>
Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
2023-06-08 17:04:58 +02:00
9p-local.c error handling: Use RETRY_ON_EINTR() macro where applicable 2023-01-09 13:50:47 +01:00
9p-local.h 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-posix-acl.c 9pfs: fix removing non-existent POSIX ACL xattr on macOS host 2022-05-01 14:07:03 +02:00
9p-proxy.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
9p-proxy.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
9p-synth.c 9pfs: Fix some return statements in the synth backend 2022-12-23 11:48:13 +01:00
9p-synth.h 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread 2022-02-17 16:57:58 +01:00
9p-util-darwin.c 9pfs: fix qemu_mknodat() to always return -1 on error on macOS host 2022-05-01 14:07:03 +02:00
9p-util-linux.c 9p: darwin: Implement compatibility for mknodat 2022-03-07 11:49:31 +01:00
9p-util.h 9pfs: prevent opening special files (CVE-2023-2861) 2023-06-08 17:04:58 +02:00
9p-xattr-user.c trivial typos: namesapce 2022-06-28 11:06:44 +02:00
9p-xattr.c 9pfs: add link to 9p developer docs 2021-07-05 13:03:16 +02:00
9p-xattr.h 9pfs: fix XattrOperations typedef 2018-01-08 11:18:22 +01:00
9p.c hw/9pfs: use qemu_xxhash4 2023-06-01 11:05:05 -04:00
9p.h 9pfs: mark more coroutine_fns 2023-04-25 13:17:28 +02:00
codir.c 9pfs: mark more coroutine_fns 2023-04-25 13:17:28 +02:00
cofile.c coroutine: Clean up superfluous inclusion of qemu/coroutine.h 2023-01-19 10:18:28 +01:00
cofs.c coroutine: Clean up superfluous inclusion of qemu/coroutine.h 2023-01-19 10:18:28 +01:00
coth.c thread-pool: avoid passing the pool parameter every time 2023-04-25 13:17:28 +02:00
coth.h coroutine: Split qemu/coroutine-core.h off qemu/coroutine.h 2023-01-20 07:21:46 +01:00
coxattr.c coroutine: Clean up superfluous inclusion of qemu/coroutine.h 2023-01-19 10:18:28 +01:00
Kconfig hw/9pfs: Fix Kconfig dependency problem between 9pfs and Xen 2020-11-05 15:21:11 +01:00
meson.build hw/xen: Build PV backend drivers for CONFIG_XEN_BUS 2023-03-07 17:04:30 +00:00
trace-events 9pfs/xen: Fix segfault on shutdown 2023-05-16 16:21:54 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
virtio-9p-device.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
virtio-9p.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xen-9p-backend.c 9pfs/xen: Fix segfault on shutdown 2023-05-16 16:21:54 +02:00
xen-9pfs.h xen: Import other xen/io/*.h 2019-06-24 10:42:30 +01:00