Subject: Re: [Qemu-devel] [PATCH] security_20040618
From: Gianni Tedesco
Date: Sat, 19 Jun 2004 10:11:43 +0100
Message-Id: <1087636303.3375.200.camel@sherbert>
In-Reply-To: <20040618184036.GA1874@sentinelchicken.org>
To: qemu-devel@nongnu.org

On Fri, 2004-06-18 at 11:40 -0700, Tim wrote:
> Updates to this, from the previous version two days ago, include
> additional strcpy replacements, as well as TODO comments pointing out
> unhealthy calls to {m,re}alloc, which don't check for NULL return
> values. (I am not sure how to handle error return codes in most places,
> so just comments for now.) Also pstrcpy() in vl.c was simplified, but
> should behave exactly the same as before.

In dyngen you need to do:

    if ( ptr == NULL )
        error("malloc failed");

error() will never return. For the other places it depends, but it's usually quite simple.
Why not have a stab and submit a separate patch on top of this one?

Also - Another low hanging fruit may be /tmp file races. You could probably make sure mkstemp is being used where possible etc.. and/or use of /tmp files eliminated as much as possible.... Or try to set up a $(HOME)/.qemu dir for that stuff. I know QEMU_TMPDIR is checked in vl.c but the standard TMPDIR probably ought to be as well if we DO use /tmp.

I mean, if root saves log to /tmp/qemu.log any user on the system may obliterate any file (ln -s /etc/passwd /tmp/qemu.log) as /tmp is the default choice, perhaps root should know better, but maybe we should use sane defaults like $(HOME)/qemu.log.

If people are interested in janitorial stuff like this, please, go right ahead :)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
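The two hardening points raised in this reply (checking the malloc return, and keeping scratch and log files out of a shared /tmp without ever following a planted symlink) as an added C example; this is not code from the patch or from QEMU, and scratch_dir(), open_log_nofollow() and make_scratch_file() are hypothetical helper names.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkstemp, setenv */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pick the scratch directory in the order the reply suggests: QEMU_TMPDIR,
 * then the conventional TMPDIR, then the user's HOME, and /tmp only as a
 * last resort. Hypothetical helper, not QEMU's own code. */
const char *scratch_dir(void)
{
    const char *d;
    if ((d = getenv("QEMU_TMPDIR")) != NULL && *d) return d;
    if ((d = getenv("TMPDIR")) != NULL && *d) return d;
    if ((d = getenv("HOME")) != NULL && *d) return d;
    return "/tmp";
}

/* Open a log file at a fixed path without following a symlink that someone
 * else may have planted there. O_CREAT|O_EXCL fails if any directory entry
 * already exists, and O_NOFOLLOW additionally refuses to traverse a link.
 * Returns the fd, or -1 with errno set (EEXIST or ELOOP for a planted link). */
int open_log_nofollow(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Create a uniquely named scratch file under scratch_dir() with mkstemp(3),
 * which opens with O_CREAT|O_EXCL itself so the name cannot be raced.
 * On success returns the fd and stores the path in *out (caller frees it). */
int make_scratch_file(char **out)
{
    const char *dir = scratch_dir();
    size_t n = strlen(dir) + sizeof("/qemu.XXXXXX");
    char *tmpl = malloc(n);
    if (tmpl == NULL)               /* the NULL check the patch's TODOs ask for */
        return -1;
    snprintf(tmpl, n, "%s/qemu.XXXXXX", dir);
    int fd = mkstemp(tmpl);
    if (fd < 0) {
        free(tmpl);
        return -1;
    }
    *out = tmpl;
    return fd;
}
```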