From: Aurelien Jarno
Subject: Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking
Date: Thu, 19 Feb 2009 23:21:05 +0100
User-agent: Mutt/1.5.18 (2008-05-17)
On Thu, Feb 19, 2009 at 06:19:36PM -0300, Eduardo Habkost wrote:
> From: Aurelien Jarno <aurel32>
>
> This is based on an old patch committed by Aurelien Jarno whose commit
> message was:
>
> Fix CVE-2008-0928 - insufficient block device address range checking
>
> Qemu 0.9.1 and earlier does not perform range checks for block device
> read or write requests, which allows guest host users with root
> privileges to access arbitrary memory and escape the virtual machine.
>
> In addition to the changes done by the previous patch, this patch changes
> total_sectors to total_bytes, so that the range checking works for
> backing devices that are not sector-based (for example, when block-qcow
> is reading the backing file). This was done to avoid bugs such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=485148
>
I don't think it addresses the comments from Fabrice Bellard [1], which were
the primary reason why this patch was reverted [2]. He asked
that the tests be done in block-{qcow,qcow2,vmdk}.c.
[1] http://lists.gnu.org/archive/html/qemu-devel/2008-03/msg00128.html
[2] http://lists.gnu.org/archive/html/qemu-devel/2008-03/msg00132.html
--
Aurelien Jarno GPG: 1024D/F1BCDB73
address@hidden http://www.aurel32.net
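The quoted commit message makes two points: a guest-controlled block request must be rejected when it does not lie entirely within the device, and the bound has to be expressed in bytes rather than sectors so that backing files whose size is not a multiple of 512 (as in the qcow backing-file case) are covered exactly. The following is an added illustration of that check, not code from QEMU or from the patch under discussion: `blockdev_t`, `request_in_range`, `sectors_to_bytes` and `blockdev_read` are hypothetical names, the 1000-byte in-memory "backing file" is constructed for the example, and the sector size of 512 is assumed. The check is written as a subtraction so that `offset + len` cannot wrap around, and the sector-to-byte conversion refuses multiplications that would overflow.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE 512ULL

/* Hypothetical in-memory block device. Its length is tracked in bytes,
 * as the quoted patch proposes (total_bytes instead of total_sectors), so
 * a backing file whose size is not sector-aligned is described exactly. */
typedef struct {
    uint64_t total_bytes;
    const uint8_t *data;
} blockdev_t;

/* Constructed sample: a 1000-byte backing file (1 full sector + 488 bytes). */
static uint8_t backing_file[1000];
const blockdev_t example_dev = { sizeof backing_file, backing_file };

/* Overflow-safe test that [offset, offset + len) lies inside the device.
 * "offset + len <= total_bytes" is rewritten as a subtraction so that a
 * huge offset or length cannot wrap the sum back into range. */
bool request_in_range(const blockdev_t *bs, uint64_t offset, uint64_t len)
{
    if (offset > bs->total_bytes)
        return false;
    return len <= bs->total_bytes - offset;
}

/* Convert a sector-addressed request into a byte range, rejecting one
 * whose product would not fit in 64 bits. */
bool sectors_to_bytes(uint64_t sector_num, uint64_t nb_sectors,
                      uint64_t *offset, uint64_t *len)
{
    if (sector_num > UINT64_MAX / SECTOR_SIZE ||
        nb_sectors > UINT64_MAX / SECTOR_SIZE)
        return false;
    *offset = sector_num * SECTOR_SIZE;
    *len = nb_sectors * SECTOR_SIZE;
    return true;
}

/* Bounded read of whole sectors into buf. Returns the number of bytes
 * copied, or -1 when the request is rejected by the range check. */
int64_t blockdev_read(const blockdev_t *bs, uint64_t sector_num,
                      uint64_t nb_sectors, uint8_t *buf, size_t buf_len)
{
    uint64_t offset, len;

    if (!sectors_to_bytes(sector_num, nb_sectors, &offset, &len))
        return -1;
    if (!request_in_range(bs, offset, len) || len > buf_len)
        return -1;
    memcpy(buf, bs->data + offset, (size_t)len);
    return (int64_t)len;
}

/* A sector-granular bound rounded up to whole sectors would report this
 * 1000-byte file as 2 sectors and accept a read of sector 1, which in
 * bytes extends 24 bytes past the end. The byte-based check rejects it. */
uint64_t sectors_rounded_up(const blockdev_t *bs)
{
    return (bs->total_bytes + SECTOR_SIZE - 1) / SECTOR_SIZE;
}

int main(void)
{
    uint8_t buf[SECTOR_SIZE];

    printf("rounded-up sector count: %llu\n",
           (unsigned long long)sectors_rounded_up(&example_dev));
    printf("read sector 0: %lld bytes\n",
           (long long)blockdev_read(&example_dev, 0, 1, buf, sizeof buf));
    printf("read sector 1: %lld (rejected: bytes 512..1023 exceed 1000)\n",
           (long long)blockdev_read(&example_dev, 1, 1, buf, sizeof buf));
    printf("wrap-around offset accepted? %s\n",
           request_in_range(&example_dev, UINT64_MAX, 1) ? "yes" : "no");
    return 0;
}
```

The point to carry back to the thread is the last two checks: a bound kept in sectors and compared after rounding would have admitted the sector-1 read, and a naive `offset + len <= total_bytes` comparison would have admitted the wrapped offset.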