[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
From: |
Greg Kurz |
Subject: |
Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes |
Date: |
Wed, 31 Aug 2016 11:33:21 +0200 |
On Tue, 30 Aug 2016 15:39:13 -0400
Peter Maydell <address@hidden> wrote:
> On 30 August 2016 at 14:29, Peter Maydell <address@hidden> wrote:
> > On 30 August 2016 at 18:10, Greg Kurz <address@hidden> wrote:
> >> As reported by Felix Wilhelm, at various places in 9pfs, full paths are
> >> created by concatenating a guest originated string to the export path. A
> >> malicious guest could forge a relative path and access files outside the
> >> export path.
> >>
> >> A tentative fix was sent recently by Prasad J Pandit, but it was only
> >> focused on the local backend and did not get a positive review. This series
> >> tries to address the issue more globally, based on the official 9P spec.
> >>
> >> I wasn't running the TUXERA test suite correctly and overlooked a failure
> >> with symbolic links (thanks Aneesh for your assistance). This v4 is
> >> basically
> >> the same as v3 with a change in patch 1/3.
> >>
> >> ---
> >>
> >> Greg Kurz (3):
> >> 9pfs: forbid illegal path names
> >> 9pfs: forbid . and .. in file names
> >> 9pfs: handle walk of ".." in the root directory
> >
> > I see the cover letter and patches 1 and 2 in my email client
> > and in patchwork. Where is patch 3? (If it's identical to the v3
> > patch 3 I can get that...)
>
> Ah, it just arrived. Applied all to master, thanks.
>
> -- PMM
>
FWIW, this also applies to 2.6.1.
Cheers.
--
Greg
- [Qemu-devel] [PATCH v4 1/3] 9pfs: forbid illegal path names, (continued)
- [Qemu-devel] [PATCH v4 1/3] 9pfs: forbid illegal path names, Greg Kurz, 2016/08/30
- [Qemu-devel] [PATCH v4 2/3] 9pfs: forbid . and .. in file names, Greg Kurz, 2016/08/30
- Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes, Michael S. Tsirkin, 2016/08/30
- Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes, Peter Maydell, 2016/08/30
- [Qemu-devel] [PATCH v4 3/3] 9pfs: handle walk of ".." in the root directory, Greg Kurz, 2016/08/30