[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
From: |
P J P |
Subject: |
Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC. |
Date: |
Thu, 13 Dec 2018 22:37:55 +0530 (IST) |
Hello Gerd,
+-- On Thu, 13 Dec 2018, Markus Armbruster wrote --+
| Gerd Hoffmann <address@hidden> writes:
| > Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
| > While being at it also add O_CLOEXEC.
| >
| > usb-mtp only handles regular files and directories and ignores
| > everything else, so users should not see a difference.
| >
| > Because qemu ignores symlinks carrying out an successfull symlink attack
symlinks, carrying out a successful ...
| > requires swapping an existing file or directory below rootdir for a
| > symlink and winning the race against the inotify notification to qemu.
| >
| > Note that the impact of this bug is rather low when qemu is managed by
| > libvirt due to qemu running sandboxed, so there isn't much you can gain
| > access to that way.
| >
| > Fixes: CVE-2018-pjp-please-get-one
|
| Ah, looks like we've run out of numbers.
Heh..:)
It's CVE-2018-16872. Thank you so much for the fix patch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F