qemu-e2k/9pfs at ad0b46e6ac769b187cb4dcf0065675ef8a198a5e - qemu-e2k - Expired Mentality Git

OpenE2K/qemu-e2k

History

Greg Kurz ad0b46e6ac 9pfs: local: link: don't follow symlinks

The local_link() callback is vulnerable to symlink attacks because it calls:

(1) link() which follows symbolic links for all path elements but the
    rightmost one
(2) local_create_mapped_attr_dir()->mkdir() which follows symbolic links
    for all path elements but the rightmost one

This patch converts local_link() to rely on opendir_nofollow() and linkat()
to fix (1), mkdirat() to fix (2).

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

2017-02-28 11:21:15 +01:00

..

9p-handle.c

9pfs: add cleanup operation for handle backend driver

2016-11-23 13:53:34 +01:00

9p-local.c

9pfs: local: link: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-local.h

9pfs: local: open/opendir: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-posix-acl.c

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-proxy.c

9pfs: add cleanup operation for proxy backend driver

2016-11-23 13:53:34 +01:00

9p-proxy.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

9p-synth.c

9p: synth: drop v9fs_ prefix

2016-07-01 14:38:54 +02:00

9p-synth.h

9pfs: fsdev: drop useless extern annotation for functions

2016-10-17 14:13:58 +02:00

9p-util.c

9pfs: local: lgetxattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-util.h

9pfs: local: lsetxattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-xattr-user.c

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-xattr.c

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-xattr.h

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p.c

coroutine-lock: add mutex argument to CoQueue APIs

2017-02-21 11:39:40 +00:00

9p.h

9pfs: fix P9_NOTAG and P9_NOFID macros

2017-01-03 17:28:44 +01:00

codir.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

cofile.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

cofs.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

coth.c

coroutine: move entry argument to qemu_coroutine_create

2016-07-13 13:26:02 +02:00

coth.h

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

coxattr.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

Makefile.objs

9pfs: introduce relative_openat_nofollow() helper

2017-02-28 11:21:15 +01:00

trace-events

9pfs: limit xattr size in xattrcreate

2016-11-01 12:03:02 +01:00

virtio-9p-device.c

9pfs: introduce init_out/in_iov_from_pdu

2017-01-03 17:28:44 +01:00

virtio-9p.h

9pfs: introduce transport specific callbacks

2017-01-03 17:28:44 +01:00