qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 2/2] 9pfs: fix vulnerability in openat_dir()

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v2 2/2] 9pfs: fix vulnerability in openat_dir() and local_unlinkat_common()
Date: Mon, 6 Mar 2017 10:18:53 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 
On 03/06/2017 02:29 AM, Greg Kurz wrote:
> We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
> QEMU vulnerable.
> 
> While here, we also fix local_unlinkat_common() to use openat_dir() for
> the same reasons (it was a leftover in the original patchset actually).
> 
> This fixes CVE-2016-9602.
> 
> Signed-off-by: Greg Kurz <address@hidden>
> Reviewed-by: Daniel P. Berrange <address@hidden>
> --
> v2: - keep O_PATH (Eric Blake)

Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]