Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (

From:	Miklos Szeredi
Subject:	Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)
Date:	Wed, 27 Jan 2021 10:25:28 +0100

On Tue, Jan 26, 2021 at 6:18 PM Greg Kurz <groug@kaod.org> wrote:
>
> On Tue, 26 Jan 2021 10:35:02 +0000
> Stefan Hajnoczi <stefanha@redhat.com> wrote:

> The patch looks pretty good to me. It just seems to be missing a change in
> lo_create():
>
>     fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW,
>                 mode);
>
> A malicious guest could have created anything called ${name} in this directory
> before calling FUSE_CREATE and we'll open it blindly, or I'm missing 
> something ?

Right, this seems like an omission.

Also the "& ~O_NOFOLLOW" looks like a copy-paste bug, since unlike
lo_open(), lo_create() is not opening a proc symlink.

So that should be replaced with "| O_NOFOLLOW"

Thanks,
Miklos

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/01/26
- Re: [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Daniel P . Berrangé, 2021/01/26
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Liam Merwick, 2021/01/26
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/26
  - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi <=
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
    - Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/28

Prev by Date: Re: [PATCH v2 00/12] buildsys: Do not build various objects if not necessary
Next by Date: [PATCH] target/i86: implement PKS
Previous by thread: Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)
Next by thread: Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)
Index(es):
- Date
- Thread