OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/hw
History
Gerd Hoffmann bab9df35ce usb-mtp: use O_NOFOLLOW and O_CLOEXEC. 
Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
While being at it also add O_CLOEXEC.

usb-mtp only handles regular files and directories and ignores
everything else, so users should not see a difference.

Because qemu ignores symlinks, carrying out a successful symlink attack
requires swapping an existing file or directory below rootdir for a
symlink and winning the race against the inotify notification to qemu.

Fixes: CVE-2018-16872
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: Bandan Das <bsd@redhat.com>
Reported-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Message-id: 20181213122511.13853-1-kraxel@redhat.com
2018-12-14 08:52:14 +01:00
..
9pfs
9p: fix QEMU crash when renaming files
2018-11-23 13:28:03 +01:00
acpi
hw/acpi/nvdimm: Don't take address of fields in packed structs
2018-11-12 15:14:06 +00:00
adc
Include qapi/error.h exactly where needed
2018-02-09 13:50:17 +01:00
alpha
hw/alpha/typhoon: Remove unuseful code
2018-10-24 06:44:59 -03:00
arm
hw/arm/aspeed: Fix build issue with clang 3.4
2018-11-28 13:51:41 +00:00
audio
audio/hda: fix guest triggerable assert
2018-11-27 07:47:57 +01:00
block
nvme: Fix spurious interrupts
2018-11-27 12:59:00 +01:00
bt
hw/bt: Replace fprintf(stderr, "*\n" with error_report()
2018-01-22 09:51:00 +01:00
char
hw/arm/stm32f205: Fix the UART and Timer region size
2018-11-19 15:29:08 +00:00
core
Machine queue, 2018-10-25
2018-10-25 20:17:12 +01:00
cpu
hw/cpu/a15mpcore: If CPU has EL2, enable it on the GIC and wire it up
2018-08-24 13:17:34 +01:00
cris
hw/cris: Use the IEC binary prefix definitions
2018-07-02 15:41:15 +02:00
display
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
dma
hw/dma/pl080: Remove hw_error() if DMA is enabled
2018-08-20 11:24:33 +01:00
gpio
hw/i2c: Use DeviceClass::realize instead of I2CSlaveClass::init
2018-06-01 15:14:31 +02:00
hppa
hw/hppa/dino: Remove unuseful code
2018-10-24 06:44:59 -03:00
hyperv
hw/hyperv: fix NULL dereference with pure-kvm SynIC
2018-11-26 14:14:38 -02:00
i2c
i2c: pm_smbus: check smb_index before block transfer write
2018-12-06 15:51:57 +00:00
i386
hw/i386: add pc-i440fx-3.1 & pc-q35-3.1
2018-11-20 11:42:32 -02:00
ide
replay: replay BH for IDE trim operation
2018-10-02 19:09:13 +02:00
input
ps2kbd: default to scan enabled after reset
2018-11-27 07:47:50 +01:00
intc
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
ipack
hw/ipack: Use the IEC binary prefix definitions
2018-07-02 15:41:12 +02:00
ipmi
ipmi: Use proper struct reference for BT vmstate
2018-08-23 18:46:25 +02:00
isa
configs: Add a CONFIG_SMC37C669 switch for the "smc37c669-superio" device
2018-10-24 07:33:44 +01:00
lm32
milkymist: Check for failure trying to load BIOS image
2018-11-06 11:32:14 +00:00
m68k
hw/m68k: Use the IEC binary prefix definitions
2018-07-02 15:41:14 +02:00
mem
nvdimm: set non-volatile on the memory region
2018-11-06 21:35:05 +01:00
microblaze
hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc'
2018-07-23 15:21:25 +01:00
mips
hw/mips/malta: Remove unuseful code
2018-10-24 06:44:59 -03:00
misc
pc-testdev: use HTTPS git URL
2018-11-12 11:26:02 +00:00
moxie
change get_image_size return type to int64_t
2018-10-02 19:08:49 +02:00
net
net: cadence_gem: Remove incorrect assert()
2018-11-26 13:41:42 +00:00
nios2
hw/nios2: Use the IEC binary prefix definitions
2018-07-02 15:41:15 +02:00
nvram
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
openrisc
Change references to serial_hds[] to serial_hd()
2018-04-26 13:57:00 +01:00
pci
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
pci-bridge
hw/pci-bridge/ioh3420: Remove unuseful header
2018-11-05 13:24:02 -05:00
pci-host
ppc patch queue 2018-11-08
2018-11-08 14:42:37 +00:00
pcmcia
hw: Clean up includes
2016-01-29 15:07:25 +00:00
ppc
ppc/spapr_caps: Add SPAPR_CAP_NESTED_KVM_HV
2018-11-08 13:08:35 +11:00
rdma
config: split PVRDMA from RDMA
2018-08-18 18:01:34 +03:00
riscv
hw/riscv/virt: Free the test device tree node name
2018-11-13 15:12:13 -08:00
s390x
s390x/pci: properly fail if the zPCI device cannot be created
2018-11-13 16:46:55 +01:00
scsi
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
sd
ssi-sd: Make devices picking up backends unavailable with -device
2018-10-24 07:50:16 +01:00
sh4
hw/sh4/sh_pci: Use DeviceState::realize rather than SysBusDevice::init
2018-10-24 06:44:59 -03:00
smbios
smbios: Clean up error handling in smbios_add()
2018-10-19 14:51:34 +02:00
sparc
sun4m: don't use legacy fw_cfg_init_mem() function
2018-08-20 19:18:31 +01:00
sparc64
hw/sparc64/niagara: Model the I/O Bridge with the 'unimplemented_device'
2018-10-24 06:44:59 -03:00
ssi
hw/ssi/xilinx_spi: Use DeviceState::realize rather than SysBusDevice::init
2018-10-24 06:44:59 -03:00
timer
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
tpm
tpm: use loop iterator to set sts data field
2018-11-14 15:47:24 -05:00
tricore
hw/tricore: Use the IEC binary prefix definitions
2018-07-02 15:41:14 +02:00
unicore32
hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h
2018-03-12 16:12:48 +01:00
usb
usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
2018-12-14 08:52:14 +01:00
vfio
s390x/vfio-ap: report correct error
2018-11-05 09:55:01 +01:00
virtio
vmstate: constify VMStateField
2018-11-27 15:35:15 +01:00
watchdog
qapi: Drop qapi_event_send_FOO()'s Error ** argument
2018-08-28 18:21:38 +02:00
xen
xen: Use the PCI_DEVICE macro
2018-10-26 17:17:32 +02:00
xenpv
hw/xen: Use the IEC binary prefix definitions
2018-07-02 15:41:13 +02:00
xtensa
target/xtensa: xtfpga: provide default memory sizes
2018-11-21 10:53:21 -08:00
Makefile.objs
memory-device: introduce separate config option
2018-10-24 06:44:59 -03:00