[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack saf
From: |
Greg Kurz |
Subject: |
Re: [Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack safe xattr helpers |
Date: |
Thu, 23 Feb 2017 22:01:29 +0100 |
On Thu, 23 Feb 2017 09:02:39 -0600
Eric Blake <address@hidden> wrote:
> On 02/20/2017 08:40 AM, Greg Kurz wrote:
> > All operations dealing with extended attributes are vulnerable to symlink
> > attacks because they use path-based syscalls which can traverse symbolic
> > links while walking through the dirname part of the path.
> >
> > The solution is to introduce helpers based on opendir_nofollow(). This
> > calls for "at" versions of the extended attribute syscalls, which don't
> > exist unfortunately. This patch implement them by simulating the "at"
> > behavior with fchdir(). Since the current working directory is process
> > wide, and we don't want to confuse another thread in QEMU, all the work
> > is done in a separate process.
>
> Can you emulate *at using /proc/fd/nnn/xyz? Coreutils was one of the
> early adopters of the power of *at functions, and found that emulation
> of *at via procfs was a LOT more efficient than emulation via fchdir
> (although both emulations still exist in gnulib, since procfs is not
> universal).
>
Yeah, Stefan suggested this on irc. I had also found a tentative patchset to
implement genuine f*xattrat() calls in the kernel 3 yrs ago, that never got
merged. The author, Florian Weimer, also told me /proc was the way to go.
It looks like we have a consensus :)
pgpUNPTdLABu1.pgp
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH 05/29] 9pfs: local: keep a file descriptor on the shared folder, (continued)
- [Qemu-devel] [PATCH 08/29] 9pfs: local: lgetxattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 09/29] 9pfs: local: llistxattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 10/29] 9pfs: local: lsetxattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 11/29] 9pfs: local: lremovexattr: don't follow symlinks, Greg Kurz, 2017/02/20
- [Qemu-devel] [PATCH 12/29] 9pfs: local: unlinkat: don't follow symlinks, Greg Kurz, 2017/02/20