[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file
|
From: |
Greg Kurz |
|
Subject: |
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode |
|
Date: |
Wed, 24 May 2017 10:54:32 +0200 |
On Wed, 24 May 2017 00:59:29 +0200
Leo Gaspard <address@hidden> wrote:
> On 05/23/2017 04:32 PM, Greg Kurz wrote:
> > v2: - posted patch for CVE-2017-7493 separately
> > - other changes available in each patch changelog
> >
> > Leo,
> >
> > If you find time to test this series, I'll gladly add your Tested-by: to
> > it before merging.
>
> Just tested with a base of 2.9.0 with patches [1] [2] (from my
> distribution), [3] (required to apply cleanly) and this patchset.
>
> Things appear to work as expected, and .virtfs_metadata{,_root} appear
> to be neither readable nor writable by any user.
>
Shall I add your Tested-by: to the patch then ?
> That said, one thing still bothering me with the fix in [3] is that it
> still "leaks" the host's uid/gid to the guest when a corresponding file
> in .virtfs_metadata is not present (while I'd have expected it to appear
> as root:root in the guest), but that's a separate issue, and I guess
> retro-compatibility prevents any fixing it.
>
Heh, I had a tentative patch to create root:root credentials and 0700 mode
bits by default... but this could indeed break some setups, so I decided
not to post it.
> Thanks for these patches!
Thanks for the testing! :)
Cheers,
--
Greg
> Leo
>
>
> [1]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
>
> [2]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch
>
> [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
>
pgpOIHmsoPdmD.pgp
Description: OpenPGP digital signature