Re: [Qemu-devel] git master build failure in 9pfs

[Eric Blake]

On 03/03/2017 10:43 AM, Greg Kurz wrote:

>>> +#ifndef O_PATH
>>> +    #define O_PATH 0
>>> +#endif  
>>
>> Isn't the use of O_PATH required in order to fix the recent
>> security vulnerability in 9p ?  If so, then defining it to
>> 0 means the QEMU is silently becoming vulnerable once again
>> which I don't think is a good idea.
>>
> 
> O_PATH was supposed to be used as an optimization here, since fds returned by
> this function are only passed to openat()... but your comment makes me realize
> I inadvertently dropped O_NOFOLLOW between v1 and v2 of the patchset. And this
> IS an actual vulnerability issue :) And reading the openat() manpage, I see
> that O_PATH | O_NOFOLLOW doesn't cause openat() to fail, but to return a fd
> pointing to the symlink which is certainly not what I want :)

Why not? It works, since openat(fd, ...) fails with EBADF if fd is a
symlink rather than a directory.  (Well, it SHOULD fail like that,
according to the man page; I need to write a test program and find out
for sure).  So you don't have to do any additional syscalls, as your
very next *at call will tell you if you actually got a directory or a
symlink.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature