ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/hw/9pfs
History
Greg Kurz 72f0d0bf51 9pfs: local: lremovexattr: don't follow symlinks 
The local_lremovexattr() callback is vulnerable to symlink attacks because
it calls lremovexattr() which follows symbolic links in all path elements
but the rightmost one.

This patch introduces a helper to emulate the non-existing fremovexattrat()
function: it is implemented with /proc/self/fd which provides a trusted
path that can be safely passed to lremovexattr().

local_lremovexattr() is converted to use this helper and opendir_nofollow().

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 		2017-02-28 11:21:15 +01:00
..
9p-handle.c 9pfs: add cleanup operation for handle backend driver 2016-11-23 13:53:34 +01:00
9p-local.c 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-local.h 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-posix-acl.c 9pfs: local: lremovexattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-proxy.c 9pfs: add cleanup operation for proxy backend driver 2016-11-23 13:53:34 +01:00
9p-proxy.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
9p-synth.c 9p: synth: drop v9fs_ prefix 2016-07-01 14:38:54 +02:00
9p-synth.h 9pfs: fsdev: drop useless extern annotation for functions 2016-10-17 14:13:58 +02:00
9p-util.c 9pfs: local: lgetxattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-util.h 9pfs: local: lsetxattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-xattr-user.c 9pfs: local: lremovexattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-xattr.c 9pfs: local: lremovexattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p-xattr.h 9pfs: local: lremovexattr: don't follow symlinks 2017-02-28 11:21:15 +01:00
9p.c coroutine-lock: add mutex argument to CoQueue APIs 2017-02-21 11:39:40 +00:00
9p.h 9pfs: fix P9_NOTAG and P9_NOFID macros 2017-01-03 17:28:44 +01:00
Makefile.objs 9pfs: introduce relative_openat_nofollow() helper 2017-02-28 11:21:15 +01:00
codir.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
cofile.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
cofs.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
coth.c coroutine: move entry argument to qemu_coroutine_create 2016-07-13 13:26:02 +02:00
coth.h 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
coxattr.c 9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch] 2016-10-17 14:13:58 +02:00
trace-events 9pfs: limit xattr size in xattrcreate 2016-11-01 12:03:02 +01:00
virtio-9p-device.c 9pfs: introduce init_out/in_iov_from_pdu 2017-01-03 17:28:44 +01:00
virtio-9p.h 9pfs: introduce transport specific callbacks 2017-01-03 17:28:44 +01:00