From: "Daniel P. Berrange" <berrange@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: G 3 <programmingkidx@gmail.com>,
Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>,
Greg Kurz <groug@kaod.org>,
qemu-devel qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] git master build failure in 9pfs
Date: Fri, 3 Mar 2017 16:42:33 +0000
Message-ID: <20170303164233.GH13631@redhat.com>
In-Reply-To: <e7d5aa7e-46a9-efba-bcf2-934b71e3bb74@redhat.com>

On Fri, Mar 03, 2017 at 10:40:13AM -0600, Eric Blake wrote:
> On 03/03/2017 10:21 AM, Daniel P. Berrange wrote:
>
> >>
> >> +#ifndef O_PATH
> >> + #define O_PATH 0
> >> +#endif
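
Review bot: the `#define O_PATH 0` fallback inside the `#ifndef O_PATH` guard turns the flag into a silent no-op on hosts whose headers lack it, and nothing in the hunk documents that. Suggest a comment directly above the define stating that every use of `O_PATH` then degrades to an ordinary open on such hosts, so the behaviour difference is recorded next to the fallback instead of being discoverable only at run time.
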
> >
> > Isn't the use of O_PATH required in order to fix the recent
> > security vulnerability in 9p ? If so, then defining it to
> > 0 means the QEMU is silently becoming vulnerable once again
> > which I don't think is a good idea.
>
> My understanding is that O_PATH is an optimization. It lets openat()
> succeed in some places where it would ordinarily fail (for example, it
> can be used to open a dir with mode 0000) - the resulting fd is
> limited-use (it cannot be used to read() or write(), but CAN be used as
> the relative fd for a subsequent openat(), for example). If you define
> O_PATH to 0, then attempts to traverse paths will fail where they could
> have otherwise succeeded, but failure is okay (the CVE was that we were
> succeeding at opening through a guest-controlled symlink; whether we now
> fail or guarantee that we are not going through a symlink is a quality
> of implementation, but either way, we are at least immune from
> succeeding through a symlink).
So we're not vulnerable, but we are breaking some valid guest usage.
I don't much like the idea of doing that silently, but I guess there's
no better alternative.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
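
The behaviour described in the quoted text above, as an added example that is not part of the original message and is not QEMU's code: a component-by-component openat() walk with O_DIRECTORY | O_NOFOLLOW refuses a symlink whether the extra flag is O_PATH or the 0 fallback. The function names, the flag combination and the temporary-directory fixture are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 0 /* the fallback under discussion */
#endif

/* Open relative `path` beneath dirfd one component at a time, so O_NOFOLLOW
 * applies to every component. `extra` is O_PATH or 0. Returns fd or -1. */
static int walk_nofollow(int dirfd, const char *path, int extra) {
    char buf[256] = "", *save = NULL, *name;
    int fd = strlen(path) < sizeof(buf) ? dup(dirfd) : -1;
    if (fd >= 0) strcpy(buf, path);
    for (name = strtok_r(buf, "/", &save); name && fd >= 0;
         name = strtok_r(NULL, "/", &save)) {
        int next = openat(fd, name, O_DIRECTORY | O_NOFOLLOW | extra);
        close(fd);              /* parent fd is only a stepping stone */
        fd = next;              /* -1 here ends the walk */
    }
    return fd;
}

/* Constructed fixture: tmp/real (directory) and tmp/link -> "." (symlink).
 * Returns 1 when "real" opens and "link/real" is refused, -1 on setup error. */
static int symlink_refused(int extra) {
    char tmpl[] = "/tmp/opath-demo-XXXXXX";
    int root, ok_fd, bad_fd, result = -1;
    if (!mkdtemp(tmpl) || (root = open(tmpl, O_DIRECTORY | O_RDONLY)) < 0)
        return -1;
    if (!mkdirat(root, "real", 0700) && !symlinkat(".", root, "link")) {
        ok_fd = walk_nofollow(root, "real", extra);
        bad_fd = walk_nofollow(root, "link/real", extra);
        result = ok_fd >= 0 && bad_fd < 0;
        if (ok_fd >= 0) close(ok_fd);
        if (bad_fd >= 0) close(bad_fd);
    }
    unlinkat(root, "link", 0);
    unlinkat(root, "real", AT_REMOVEDIR);
    close(root);
    rmdir(tmpl);
    return result;
}

int main(void) {
    return symlink_refused(O_PATH) == 1 && symlink_refused(0) == 1 ? 0 : 1;
}
```

The fixture does not cover the mode-0000 directory case mentioned in the thread, because its outcome depends on whether the process runs as root.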