qemu-devel

Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block devi


From: Aurelien Jarno
Subject: Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking
Date: Thu, 19 Feb 2009 23:21:05 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On Thu, Feb 19, 2009 at 06:19:36PM -0300, Eduardo Habkost wrote:
> From: Aurelien Jarno <aurel32>
> 
> This is based on an old patch committed by Aurelien Jarno whose commit
> message was:
> 
>   Fix CVE-2008-0928 - insufficient block device address range checking
> 
>   Qemu 0.9.1 and earlier does not perform range checks for block device
>   read or write requests, which allows guest host users with root
>   privileges to access arbitrary memory and escape the virtual machine.
> 
> In addition to the changes done by the previous patch, this patch changes
> total_sectors to total_bytes, so that the range checking works for
> backing devices that are not sector-based (for example, when block-qcow
> is reading the backing file). This was done to avoid bugs such as:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=485148
> 

I don't think it addresses comments from Fabrice Bellard [1], which was
the primary reason why this patch has been reverted [2]. He asked
that the tests be done in block-{qcow,qcow2,vmdk}.c.

[1] http://lists.gnu.org/archive/html/qemu-devel/2008-03/msg00128.html
[2] http://lists.gnu.org/archive/html/qemu-devel/2008-03/msg00132.html

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
address@hidden                 http://www.aurel32.net
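
A byte-granular range check of the kind the quoted commit message describes, as an added example that is not taken from the patch or from QEMU. The function names, the 512-byte sector size and the 1000-byte image length are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512u /* assumed sector size for this example */

/* Hypothetical helper: true when [offset, offset + len) lies inside a
 * device of total_bytes bytes. The comparison is written as a subtraction
 * so that offset + len is never computed and cannot wrap around. */
bool range_ok_bytes(uint64_t offset, uint64_t len, uint64_t total_bytes)
{
    if (offset > total_bytes)
        return false;
    return len <= total_bytes - offset;
}

/* Hypothetical helper: a sector-addressed request checked in byte units.
 * Negative values are rejected, and so is a sector number whose byte
 * offset would not fit in 64 bits. */
bool range_ok_sectors(int64_t sector_num, int nb_sectors, uint64_t total_bytes)
{
    if (sector_num < 0 || nb_sectors < 0)
        return false;
    if ((uint64_t)sector_num > UINT64_MAX / SECTOR_SIZE)
        return false;
    return range_ok_bytes((uint64_t)sector_num * SECTOR_SIZE,
                          (uint64_t)nb_sectors * SECTOR_SIZE,
                          total_bytes);
}

int main(void)
{
    /* Constructed case: a backing file whose length is not a multiple
     * of the sector size, addressed by byte offset. */
    uint64_t total = 1000;

    printf("bytes 600..699 accepted:     %d\n", range_ok_bytes(600, 100, total));
    printf("read past end rejected:      %d\n", !range_ok_bytes(1000, 1, total));
    printf("wrapping length rejected:    %d\n", !range_ok_bytes(8, UINT64_MAX, total));
    printf("negative sector rejected:    %d\n", !range_ok_sectors(-1, 1, total));
    printf("sector beyond end rejected:  %d\n", !range_ok_sectors(2, 1, total));
    return 0;
}
```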



