qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] git master build failure in 9pfs

From: Eric Blake
Subject: Re: [Qemu-devel] git master build failure in 9pfs
Date: Fri, 3 Mar 2017 10:40:13 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 
On 03/03/2017 10:21 AM, Daniel P. Berrange wrote:

>>>> I remember years ago something like O_PATH was not defined on Mac OS
>>>> X,
>>>> so the solution was to define the constant as zero. Something like
>>>> this:
>>>>
>>>> #ifndef O_PATH
>>>>    #define O_PATH 0
>>>> #endif
>>>>
>>>> Maybe this might work in 9p-util.h.
>>>>

>>
>> +#ifndef O_PATH
>> +    #define O_PATH 0
>> +#endif
> 
> Isn't the use of O_PATH required in order to fix the recent
> security vulnerability in 9p ?  If so, then defining it to
> 0 means the QEMU is silently becoming vulnerable once again
> which I don't think is a good idea.

My understanding is that O_PATH is an optimization. It lets openat()
succeed in some places where it would ordinarily fail (for example, it
can be used to open a dir with mode 0000) - the resulting fd is
limited-use (it cannot be used to read() or write(), but CAN be used as
the relative fd for a subsequent openat(), for example).  If you define
O_PATH to 0, then attempts to traverse paths will fail where the could
have otherwise succeeded, but failure is okay (the CVE was that we were
succeeding at opening through a guest-controlled symlink; whether we now
fail or guarantee that we are not going through a symlink is a quality
of implementation, but either way, we are at least immune from
succeeding through a symlink).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]