[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack saf
From: |
Stefan Hajnoczi |
Subject: |
Re: [Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack safe xattr helpers |
Date: |
Thu, 23 Feb 2017 13:44:41 +0000 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Mon, Feb 20, 2017 at 03:40:15PM +0100, Greg Kurz wrote:
> +static ssize_t do_xattrat_op(int op_type, int dirfd, const char *path,
> + const char *name, void *value, size_t size,
> + int flags)
> +{
> + struct xattrat_data *data;
> + pid_t pid;
> + ssize_t ret = -1;
> + int wstatus;
> +
> + data = mmap(NULL, sizeof(*data) + size, PROT_READ | PROT_WRITE,
> + MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> + if (data == MAP_FAILED) {
> + return -1;
> + }
> + data->ret = -1;
> +
> + pid = fork();
> + if (pid < 0) {
> + goto err_out;
> + } else if (pid == 0) {
> + if (fchdir(dirfd) == 0) {
> + switch (op_type) {
> + case XATTRAT_OP_GET:
> + data->ret = lgetxattr(path, name, data->value, size);
> + break;
> + case XATTRAT_OP_LIST:
> + data->ret = llistxattr(path, data->value, size);
> + break;
> + case XATTRAT_OP_SET:
> + data->ret = lsetxattr(path, name, value, size, flags);
> + break;
> + case XATTRAT_OP_REMOVE:
> + data->ret = lremovexattr(path, name);
> + break;
> + default:
> + g_assert_not_reached();
> + }
> + }
> + data->serrno = errno;
> + _exit(0);
> + }
> + assert(waitpid(pid, &wstatus, 0) == pid && WIFEXITED(wstatus));
> +
> + ret = data->ret;
> + if (ret < 0) {
> + errno = data->serrno;
> + goto err_out;
> + }
> + if (value) {
> + memcpy(value, data->value, data->ret);
> + }
> +err_out:
> + munmap_preserver_errno(data, sizeof(*data) + size);
> + return ret;
> +}
Forking is ugly since QEMU is a multi-threaded program. We brainstormed
alternatives on IRC like using /proc/self/fd/$fd to work around the
missing getxattrat() API.
Stefan
signature.asc
Description: PGP signature
- [Qemu-devel] [PATCH 03/29] 9pfs: remove side-effects in local_open() and local_opendir(), (continued)
- [Qemu-devel] [PATCH 03/29] 9pfs: remove side-effects in local_open() and local_opendir(), Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 04/29] 9pfs: introduce openat_nofollow() helper, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 05/29] 9pfs: local: keep a file descriptor on the shared folder, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 06/29] 9pfs: local: open/opendir: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack safe xattr helpers, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 08/29] 9pfs: local: lgetxattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 09/29] 9pfs: local: llistxattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 10/29] 9pfs: local: lsetxattr: don't follow symlinks, Greg Kurz, 2017/02/20