From: Greg Kurz <groug@kaod.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>, Greg Kurz <groug@kaod.org>
Subject: [Qemu-devel] [PULL 5/6] 9pfs: fix O_PATH build break with older glibc versions
Date: Mon, 6 Mar 2017 18:54:09 +0100 [thread overview]
Message-ID: <1488822850-23070-6-git-send-email-groug@kaod.org> (raw)
In-Reply-To: <1488822850-23070-1-git-send-email-groug@kaod.org>
When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the
openat() syscall simply finds the name in the VFS, and doesn't trigger the
underlying filesystem.
On systems that don't define O_PATH, because they have glibc version 2.13
or older for example, we can safely omit it. We don't want to deactivate
O_PATH globally though, in case it is used without O_DIRECTORY. The is done
with a dedicated macro.
Systems without O_PATH may thus fail to resolve names that involve
unreadable directories, compared to newer systems succeeding, but such
corner case failure is our only option on those older systems to avoid
the security hole of chasing symlinks inappropriately.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
(added last paragraph to changelog as suggested by Eric Blake)
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p-util.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index 091f3ce88e15..cb7b2072d3ac 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -22,7 +22,12 @@ static inline void close_preserve_errno(int fd)
static inline int openat_dir(int dirfd, const char *name)
{
- return openat(dirfd, name, O_DIRECTORY | O_RDONLY | O_PATH);
+#ifdef O_PATH
+#define OPENAT_DIR_O_PATH O_PATH
+#else
+#define OPENAT_DIR_O_PATH 0
+#endif
+ return openat(dirfd, name, O_DIRECTORY | O_RDONLY | OPENAT_DIR_O_PATH);
}
static inline int openat_file(int dirfd, const char *name, int flags,
--
2.7.4
next prev parent reply other threads:[~2017-03-06 17:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 17:54 [Qemu-devel] [PULL 0/6] 9pfs fixes for 2.9 2017-03-06 Greg Kurz
2017-03-06 17:54 ` [Qemu-devel] [PULL 1/6] 9pfs: fix bogus fd check in local_remove() Greg Kurz
2017-03-06 17:54 ` [Qemu-devel] [PULL 2/6] 9pfs: fix fd leak in local_opendir() Greg Kurz
2017-03-06 17:54 ` [Qemu-devel] [PULL 3/6] 9pfs: fail local_statfs() earlier Greg Kurz
2017-03-06 17:54 ` [Qemu-devel] [PULL 4/6] 9pfs: don't use AT_EMPTY_PATH in local_set_cred_passthrough() Greg Kurz
2017-03-06 17:54 ` Greg Kurz [this message]
2017-03-06 17:54 ` [Qemu-devel] [PULL 6/6] 9pfs: fix vulnerability in openat_dir() and local_unlinkat_common() Greg Kurz
2017-03-06 21:16 ` [Qemu-devel] [PULL 0/6] 9pfs fixes for 2.9 2017-03-06 Mark Cave-Ayland
2017-03-07 9:57 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488822850-23070-6-git-send-email-groug@kaod.org \
--to=groug@kaod.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).