qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes

From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
Date: Tue, 30 Aug 2016 19:29:19 +0100 
On 30 August 2016 at 18:10, Greg Kurz <address@hidden> wrote:
> As reported by Felix Wilhelm, at various places in 9pfs, full paths are
> created by concatenating a guest originated string to the export path. A
> malicious guest could forge a relative path and access files outside the
> export path.
>
> A tentative fix was sent recently by Prasad J Pandit, but it was only
> focused on the local backend and did not get a positive review. This series
> tries to address the issue more globally, based on the official 9P spec.
>
> I wasn't running the TUXERA test suite correctly and overlooked a failure
> with symbolic links (thanks Aneesh for your assistance). This v4 is basically
> the same as v3 with a change in patch 1/3.
>
> ---
>
> Greg Kurz (3):
>       9pfs: forbid illegal path names
>       9pfs: forbid . and .. in file names
>       9pfs: handle walk of ".." in the root directory

I see the cover letter and patches 1 and 2 in my email client
and in patchwork. Where is patch 3? (If it's identical to the v3
patch 3 I can get that...)

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]