qemu-e2k/hw
Greg Kurz df4938a665 9pfs: local: unlinkat: don't follow symlinks
The local_unlinkat() callback is vulnerable to symlink attacks because it
calls remove() which follows symbolic links in all path elements but the
rightmost one.

This patch converts local_unlinkat() to rely on opendir_nofollow() and
unlinkat() instead.

Most of the code is moved to a separate local_unlinkat_common() helper
which will be reused in a subsequent patch to fix the same issue in
local_remove().

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-02-28 11:21:15 +01:00
..
9pfs 9pfs: local: unlinkat: don't follow symlinks 2017-02-28 11:21:15 +01:00
acpi change CPUArchId.cpu type to Object* 2017-02-22 11:28:28 +11:00
adc
alpha hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
arm hw: Deprecate -drive if=scsi with non-onboard HBAs 2017-02-21 13:17:45 +01:00
audio
block block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
bt chardev: qom-ify 2017-01-27 18:08:00 +01:00
char hw/char/mcf_uart: QOMify the ColdFire UART 2017-02-16 14:06:56 +01:00
core This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
cpu
cris
display virtio-gpu: use dpy_gl_scanout_disable 2017-02-27 16:15:29 +01:00
dma migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
gpio hw/gpio: QOM'ify mpc8xxx.c 2017-01-31 10:10:13 +11:00
i2c
i386 This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
ide hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
input -----BEGIN PGP SIGNATURE----- 2017-02-02 16:08:28 +00:00
intc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
ipack
ipmi migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
isa Allow ISA bus to be configured out 2017-02-06 12:33:21 +11:00
lm32
m68k hw/m68k: QOMify the ColdFire interrupt controller 2017-02-18 22:23:31 +01:00
mem
microblaze
mips hw/mips: MIPS Boston board support 2017-02-24 10:37:21 +00:00
misc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
moxie
net hw/net/spapr_llan: 6 byte mac address device tree entry 2017-02-22 14:28:53 +11:00
nios2
nvram migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
openrisc target/openrisc: Rename the cpu from or32 to or1k 2017-02-14 08:14:58 +11:00
pci Don't check qobject_type() before qobject_to_qdict() 2017-02-22 19:52:01 +01:00
pci-bridge ppc patch queue 2017-02-02 2017-02-02 18:48:06 +00:00
pci-host ppc patch queue for 2017-02-22 2017-02-24 10:13:57 +00:00
pcmcia
ppc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
s390x s390x/css: handle format-0 TIC CCW correctly 2017-02-24 10:15:18 +01:00
scsi Changes to -drive without if= and with if=scsi 2017-02-21 13:58:50 +00:00
sd migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
sh4 hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
smbios
sparc hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
sparc64 Pull request for Niagara patches 2017 02 26 2017-02-26 22:40:23 +00:00
ssi aspeed/smc: use a modulo to check segment limits 2017-02-10 17:40:30 +00:00
timer hw/mips_gictimer: provide API for retrieving frequency 2017-02-21 22:24:58 +00:00
tpm
tricore
unicore32
usb xhci: properties cleanup 2017-02-23 16:18:03 +01:00
vfio vfio/pci-quirks.c: Disable stolen memory for igd VFIO 2017-02-22 13:19:59 -07:00
virtio virtio: Fix no interrupt when not creating msi controller 2017-02-17 21:52:30 +02:00
watchdog wdt: Add Aspeed watchdog device model 2017-02-07 18:29:59 +00:00
xen Xen 2017/02/02 2017-02-03 12:31:40 +00:00
xenpv
xtensa
Makefile.objs