From: Greg Kurz <groug@kaod.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Felix Wilhelm <fwilhelm@ernw.de>,
"Michael S. Tsirkin" <mst@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
P J P <ppandit@redhat.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
qemu-stable@nongnu.org, Michael Roth <mdroth@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes
Date: Wed, 31 Aug 2016 11:33:21 +0200 [thread overview]
Message-ID: <20160831113321.298b0139@bahia.lan> (raw)
In-Reply-To: <CAFEAcA_1SHYR6NoxG3Lo3qvw2cV7f=SJSdqKQYGCNdMKd6Ln+Q@mail.gmail.com>
On Tue, 30 Aug 2016 15:39:13 -0400
Peter Maydell <peter.maydell@linaro.org> wrote:
> On 30 August 2016 at 14:29, Peter Maydell <peter.maydell@linaro.org> wrote:
> > On 30 August 2016 at 18:10, Greg Kurz <groug@kaod.org> wrote:
> >> As reported by Felix Wilhelm, at various places in 9pfs, full paths are
> >> created by concatenating a guest originated string to the export path. A
> >> malicious guest could forge a relative path and access files outside the
> >> export path.
> >>
> >> A tentative fix was sent recently by Prasad J Pandit, but it was only
> >> focused on the local backend and did not get a positive review. This series
> >> tries to address the issue more globally, based on the official 9P spec.
> >>
> >> I wasn't running the TUXERA test suite correctly and overlooked a failure
> >> with symbolic links (thanks Aneesh for your assistance). This v4 is basically
> >> the same as v3 with a change in patch 1/3.
> >>
> >> ---
> >>
> >> Greg Kurz (3):
> >> 9pfs: forbid illegal path names
> >> 9pfs: forbid . and .. in file names
> >> 9pfs: handle walk of ".." in the root directory
> >
> > I see the cover letter and patches 1 and 2 in my email client
> > and in patchwork. Where is patch 3? (If it's identical to the v3
> > patch 3 I can get that...)
>
> Ah, it just arrived. Applied all to master, thanks.
>
> -- PMM
>
FWIW, this also applies to 2.6.1.
Cheers.
--
Greg
next prev parent reply other threads:[~2016-08-31 9:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-30 17:10 [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes Greg Kurz
2016-08-30 17:11 ` [Qemu-devel] [PATCH v4 1/3] 9pfs: forbid illegal path names Greg Kurz
2016-08-30 18:03 ` Eric Blake
2016-08-30 19:27 ` Greg Kurz
2016-08-31 2:42 ` Aneesh Kumar K.V
2016-08-30 17:13 ` [Qemu-devel] [PATCH v4 2/3] 9pfs: forbid . and .. in file names Greg Kurz
2016-08-30 18:06 ` Eric Blake
2016-08-30 19:03 ` Greg Kurz
2016-08-30 18:19 ` [Qemu-devel] [PATCH v4 0/3] 9pfs security fixes Michael S. Tsirkin
2016-08-30 18:29 ` Peter Maydell
2016-08-30 19:39 ` Peter Maydell
2016-08-31 9:33 ` Greg Kurz [this message]
2016-08-30 18:40 ` [Qemu-devel] [PATCH v4 3/3] 9pfs: handle walk of ".." in the root directory Greg Kurz
2016-09-15 22:22 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160831113321.298b0139@bahia.lan \
--to=groug@kaod.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=fwilhelm@ernw.de \
--cc=mdroth@linux.vnet.ibm.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).