[Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
From: Greg Kurz
Subject: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
Date: Tue, 30 Aug 2016 19:10:47 +0200
User-agent: StGit/0.17.1-dirty

As reported by Felix Wilhelm, at various places in 9pfs, full paths are
created by concatenating a guest originated string to the export path. A
malicious guest could forge a relative path and access files outside the
export path.

A tentative fix was sent recently by Prasad J Pandit, but it was only
focused on the local backend and did not get a positive review. This series
tries to address the issue more globally, based on the official 9P spec.

I wasn't running the TUXERA test suite correctly and overlooked a failure
with symbolic links (thanks Aneesh for your assistance). This v4 is basically
the same as v3 with a change in patch 1/3.
---
Greg Kurz (3):
      9pfs: forbid illegal path names
      9pfs: forbid . and .. in file names
      9pfs: handle walk of ".." in the root directory

 hw/9pfs/9p.c | 147 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 hw/9pfs/9p.h | 1
 2 files changed, 139 insertions(+), 9 deletions(-)
--
Greg
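
The three checks named in the patch titles, sketched as an added example (not code from this series or from QEMU). All function names are hypothetical, the walk is modelled as a depth below the export root rather than a real path, rejecting empty names is an assumption, and symbolic links are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One guest-supplied name element: must not contain '/'.
 * Rejecting the empty string is an assumption of this sketch. */
static bool name_is_legal(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Names handed to creating operations must also not be "." or "..". */
static bool create_name_ok(const char *name)
{
    return name_is_legal(name) &&
           strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* One walk step. depth 0 is the export root; returns the new depth,
 * or -1 if the element is rejected. ".." at the root stays at the root. */
static int walk_step(int depth, const char *name)
{
    if (!name_is_legal(name))
        return -1;
    if (strcmp(name, ".") == 0)
        return depth;
    if (strcmp(name, "..") == 0)
        return depth > 0 ? depth - 1 : 0;
    return depth + 1;
}

/* Walk a list of name elements, stopping at the first rejected one. */
static int walk(int depth, const char *const names[], int n)
{
    for (int i = 0; i < n && depth >= 0; i++)
        depth = walk_step(depth, names[i]);
    return depth;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *const climb[] = { "..", "..", "etc" };
    const char *const forged[] = { "a", "../../etc/passwd" };
    printf("climb from root -> depth %d\n", walk(0, climb, 3));
    printf("forged element  -> %d\n", walk(0, forged, 2));
    printf("create \"..\" ok? %d\n", create_name_ok(".."));
    return 0;
}
```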