From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: qemu-stable@nongnu.org, qemu-devel@nongnu.org,
stefanha@redhat.com, yavrahami@paloaltonetworks.com,
mszeredi@redhat.com, mreitz@redhat.com
Subject: Re: [PULL 0/6] virtiofs queue
Date: Fri, 1 May 2020 20:28:45 +0100 [thread overview]
Message-ID: <20200501192845.GB3374@work-vm> (raw)
In-Reply-To: <20200501191500.126432-1-dgilbert@redhat.com>
Dear Stable,
From this series, the fixes:
virtiofsd: add --rlimit-nofile=NUM option
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
and
virtiofsd: Show submounts
should probably be backported.
Dave
* Dr. David Alan Gilbert (git) (dgilbert@redhat.com) wrote:
> From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
>
> The following changes since commit 1c47613588ccff44422d4bdeea0dc36a0a308ec7:
>
> Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2020-04-30 19:25:41 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20200501
>
> for you to fetch changes up to 66502bbca37ca7a3bfa57e82cfc03b89a7a11eae:
>
> virtiofsd: drop all capabilities in the wait parent process (2020-05-01 20:05:37 +0100)
>
> ----------------------------------------------------------------
> virtiofsd: Pull 2020-05-01 (includes CVE fix)
>
> This set includes a security fix, other fixes and improvements.
>
> Security fix:
> The security fix is for CVE-2020-10717 where, on low RAM hosts,
> the guest can potentially exceed the maximum fd limit.
> This fix adds some more configuration so that the user
> can explicitly set the limit.
> Thank you to Yuval Avrahami for reporting this.
>
> Fixes:
>
> Recursive mounting of the exported directory is now used in
> the sandbox, such that if there was a mount underneath present at
> the time the virtiofsd was started, that mount is also
> visible to the guest; in the existing code, only mounts that
> happened after startup were visible.
>
> Security improvements:
>
> The jailing for /proc/self/fd is improved - but it's something
> that shouldn't be accessible anyway.
>
> Most capabilities are now dropped at startup; again this shouldn't
> change any behaviour but is extra protection.
>
> ----------------------------------------------------------------
> Max Reitz (1):
> virtiofsd: Show submounts
>
> Miklos Szeredi (1):
> virtiofsd: jail lo->proc_self_fd
>
> Stefan Hajnoczi (4):
> virtiofsd: add --rlimit-nofile=NUM option
> virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
> virtiofsd: only retain file system capabilities
> virtiofsd: drop all capabilities in the wait parent process
>
> tools/virtiofsd/fuse_lowlevel.h | 1 +
> tools/virtiofsd/helper.c | 47 ++++++++++++++++++
> tools/virtiofsd/passthrough_ll.c | 102 ++++++++++++++++++++++++++++++++-------
> 3 files changed, 133 insertions(+), 17 deletions(-)
>
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2020-05-01 19:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-01 19:14 [PULL 0/6] virtiofs queue Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 1/6] virtiofsd: add --rlimit-nofile=NUM option Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 2/6] virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 3/6] virtiofsd: jail lo->proc_self_fd Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 4/6] virtiofsd: Show submounts Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 5/6] virtiofsd: only retain file system capabilities Dr. David Alan Gilbert (git)
2020-05-01 19:15 ` [PULL 6/6] virtiofsd: drop all capabilities in the wait parent process Dr. David Alan Gilbert (git)
2020-05-01 19:28 ` Dr. David Alan Gilbert [this message]
2020-05-03 13:11 ` [PULL 0/6] virtiofs queue Peter Maydell
2020-05-04 8:13 ` Dr. David Alan Gilbert
-- strict thread matches above, loose matches on Subject: below --
2021-02-16 18:37 Dr. David Alan Gilbert (git)
2021-02-17 19:18 ` Peter Maydell
2020-02-21 13:25 Dr. David Alan Gilbert (git)
2020-02-21 18:37 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200501192845.GB3374@work-vm \
--to=dgilbert@redhat.com \
--cc=mreitz@redhat.com \
--cc=mszeredi@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=stefanha@redhat.com \
--cc=yavrahami@paloaltonetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).