[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.

From: P J P
Subject: Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
Date: Thu, 13 Dec 2018 22:37:55 +0530 (IST)

  Hello Gerd,

+-- On Thu, 13 Dec 2018, Markus Armbruster wrote --+
| Gerd Hoffmann <address@hidden> writes:
| > Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
| > While being at it also add O_CLOEXEC.
| >
| > usb-mtp only handles regular files and directories and ignores
| > everything else, so users should not see a difference.
| >
| > Because qemu ignores symlinks carrying out an successfull symlink attack

   symlinks, carrying out a successful ...

| > requires swapping an existing file or directory below rootdir for a
| > symlink and winning the race against the inotify notification to qemu.
| >
| > Note that the impact of this bug is rather low when qemu is managed by
| > libvirt due to qemu running sandboxed, so there isn't much you can gain
| > access to that way.
| >
| > Fixes: CVE-2018-pjp-please-get-one
| Ah, looks like we've run out of numbers.


It's CVE-2018-16872. Thank you so much for the fix patch.

Thank you.
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

reply via email to

[Prev in Thread] Current Thread [Next in Thread]