OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/hw/9pfs
History
Greg Kurz 996a0d76d7 9pfs: local: open/opendir: don't follow symlinks 
The local_open() and local_opendir() callbacks are vulnerable to symlink
attacks because they call:

(1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
    the rightmost one
(2) opendir() which follows symbolic links in all path elements

This patch converts both callbacks to use new helpers based on
openat_nofollow() to only open files and directories if they are
below the virtfs shared folder

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 		2017-02-28 11:21:15 +01:00
..
9p-handle.c 9pfs: add cleanup operation for handle backend driver 2016-11-23 13:53:34 +01:00
9p-local.c 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-local.h 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-posix-acl.c 9pfs: Clean up includes 2016-01-29 15:07:23 +00:00
9p-proxy.c 9pfs: add cleanup operation for proxy backend driver 2016-11-23 13:53:34 +01:00
9p-proxy.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
9p-synth.c 9p: synth: drop v9fs_ prefix 2016-07-01 14:38:54 +02:00
9p-synth.h 9pfs: fsdev: drop useless extern annotation for functions 2016-10-17 14:13:58 +02:00
9p-util.c 9pfs: introduce relative_openat_nofollow() helper 2017-02-28 11:21:15 +01:00
9p-util.h 9pfs: introduce relative_openat_nofollow() helper 2017-02-28 11:21:15 +01:00
9p-xattr-user.c 9pfs: Clean up includes 2016-01-29 15:07:23 +00:00
9p-xattr.c 9pfs: local: move xattr security ops to 9p-xattr.c 2017-02-28 11:21:14 +01:00
9p-xattr.h 9pfs: local: move xattr security ops to 9p-xattr.c 2017-02-28 11:21:14 +01:00
9p.c coroutine-lock: add mutex argument to CoQueue APIs 2017-02-21 11:39:40 +00:00
9p.h 9pfs: fix P9_NOTAG and P9_NOFID macros 2017-01-03 17:28:44 +01:00
Makefile.objs 9pfs: introduce relative_openat_nofollow() helper 2017-02-28 11:21:15 +01:00
codir.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
cofile.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
cofs.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
coth.c coroutine: move entry argument to qemu_coroutine_create 2016-07-13 13:26:02 +02:00
coth.h 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
coxattr.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
trace-events 9pfs: limit xattr size in xattrcreate 2016-11-01 12:03:02 +01:00
virtio-9p-device.c 9pfs: introduce init_out/in_iov_from_pdu 2017-01-03 17:28:44 +01:00
virtio-9p.h 9pfs: introduce transport specific callbacks 2017-01-03 17:28:44 +01:00