[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (
From: |
Greg Kurz |
Subject: |
Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517) |
Date: |
Wed, 27 Jan 2021 16:35:24 +0100 |
On Wed, 27 Jan 2021 16:22:49 +0100
Miklos Szeredi <mszeredi@redhat.com> wrote:
> On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz <groug@kaod.org> wrote:
> >
> > On Wed, 27 Jan 2021 15:09:50 +0100
> > Miklos Szeredi <mszeredi@redhat.com> wrote:
> > > The semantics of O_CREATE are that it can fail neither because the
> > > file exists nor because it doesn't. This doesn't matter if the
> > > exported tree is not modified outside of a single guest, because of
> > > locking provided by the guest kernel.
> > >
> >
> > Wrong. O_CREAT can legitimately fail with ENOENT if one element
>
> Let me make my statement more precise:
>
> O_CREAT cannot fail with ENOENT if parent directory exists throughout
> the operation.
>
True, but I still don't see what guarantees guest userspace that the
parent directory doesn't go away... I must have missed something.
Please elaborate.
> I'm sure this property is used all over the place in userspace code,
> and hence should be supported in strict coherence (cache=none) mode.
>
> For relaxed coherence (cache=auto) I'm not quite sure. NFS is usually
> the reference, we'd need to look into what guarantees it provides wrt.
> O_CREAT and remote racing unlink.
>
> Thanks,
> Miklos
>
- Re: [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), (continued)
- Re: [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Daniel P . Berrangé, 2021/01/26
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Liam Merwick, 2021/01/26
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/26
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517),
Greg Kurz <=
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/27
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/28
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Miklos Szeredi, 2021/01/28
- Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/01/28
Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/01/27