qemu-e2k/tools/virtiofsd
Vivek Goyal 449e8171f9 virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)
At the start, drop membership of all supplementary groups. This is
not required.

If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplemntary groups. And that can allow some operations which are not
normally allowed.

For example, if root in guest creates a dir as follows.

$ mkdir -m 03777 test_dir

This sets SGID on dir as well as allows unprivileged users to write into
this dir.

And now as unprivileged user open file as follows.

$ su test
$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);

This will create SGID set executable in test_dir/.

And that's a problem because now an unpriviliged user can execute it,
get egid=0 and get access to resources owned by "root" group. This is
privilege escalation.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
Fixes: CVE-2022-0358
Reported-by: JIETAO XIAO <shawtao1125@gmail.com>
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <YfBGoriS38eBQrAb@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
  dgilbert: Fixed missing {}'s style nit
2022-01-26 10:32:05 +00:00
..
50-qemu-virtiofsd.json.in
buffer.c tools/virtiofsd/buffer.c: replaced a calloc call with GLib's g_try_new0 2021-05-26 18:39:32 +01:00
fuse_common.h virtiofsd: Fix fuse setxattr() API change issue 2021-07-05 10:51:26 +01:00
fuse_i.h
fuse_log.c
fuse_log.h
fuse_lowlevel.c virtiofsd: Add support for extended setxattr 2021-07-05 10:51:26 +01:00
fuse_lowlevel.h spelling: sytem => system 2021-09-15 15:51:07 +02:00
fuse_misc.h
fuse_opt.c tools/virtiofsd/fuse_opt.c: Replaced a malloc with GLib's g_try_malloc 2021-05-26 18:39:32 +01:00
fuse_opt.h
fuse_signals.c
fuse_virtio.c virtiofsd: Error on bad socket group name 2021-10-25 19:38:32 +01:00
fuse_virtio.h
helper.c virtiofsd: Add an option to enable/disable posix acls 2021-07-05 10:51:26 +01:00
meson.build
passthrough_helpers.h
passthrough_ll.c virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) 2022-01-26 10:32:05 +00:00
passthrough_seccomp.c tools/virtiofsd: Add fstatfs64 syscall to the seccomp allowlist 2021-09-16 14:50:48 +01:00
passthrough_seccomp.h