From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: qemu-devel@nongnu.org
Cc: Greg Kurz <groug@kaod.org>,
Mauro Matteo Cascella <mcascell@redhat.com>,
yw s <ywsplz@gmail.com>,
shawtao1125@gmail.com, jkli@xidian.edu.cn, shenwenbo@zju.edu.cn,
Michael Tokarev <mjt@tls.msk.ru>
Subject: Re: [PATCH v2] 9pfs: prevent opening special files (CVE-2023-2861)
Date: Wed, 07 Jun 2023 13:05:29 +0200 [thread overview]
Message-ID: <2270849.YxrqnBgBBS@silver> (raw)
In-Reply-To: <8f32cd65-83e8-89d4-0825-1fe62f5b09ad@tls.msk.ru>
On Tuesday, June 6, 2023 8:48:49 PM CEST Michael Tokarev wrote:
> 06.06.2023 16:57, Christian Schoenebeck wrote:
[...]
> > + /* CVE-2023-2861: Prohibit opening any special file directly on host
> > + * (especially device files), as a compromised client could potentially
> > + * gain access outside exported tree under certain, unsafe setups. We
> > + * expect client to handle I/O on special files exclusively on guest side.
> > + */
> > + if (qemu_fstat(fd, &stbuf) < 0) {
> > + close_preserve_errno(fd);
> > + return -1;
> > + }
> > + if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) {
> > + /* Tcreate and Tlcreate 9p messages mandate to immediately open the
> > + * created file for I/O. So this is not (necessarily) due to a broken
> > + * client, and hence no error message is to be reported in this case.
> > + */
> > + if (!(flags & O_CREAT)) {
> > + error_report_once(
> > + "9p: broken or compromised client detected; attempt to open "
> > + "special file (i.e. neither regular file, nor directory)"
> > + );
> > + }
> > + close(fd);
> > + errno = ENXIO;
> > + return -1;
> > + }
> > +
>
> can't we re-use this same code used in two places, placing it into an inline
> function, such as is_file_regular_or_dir(fd) ? It smells like a very good
> candidate for implementing it in a single place..
Yeah, my plan was to officially deprecate 9p proxy subsequently, so I didn't
care too much about code duplication, but I guess you are right, it is simple
enough to do it right.
Best regards,
Christian Schoenebeck
prev parent reply other threads:[~2023-06-07 11:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-06 13:57 [PATCH v2] 9pfs: prevent opening special files (CVE-2023-2861) Christian Schoenebeck
2023-06-06 16:00 ` Greg Kurz
2023-06-07 11:02 ` Christian Schoenebeck
2023-06-07 13:24 ` Greg Kurz
2023-06-07 13:27 ` Christian Schoenebeck
2023-06-06 18:48 ` Michael Tokarev
2023-06-07 11:05 ` Christian Schoenebeck [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2270849.YxrqnBgBBS@silver \
--to=qemu_oss@crudebyte.com \
--cc=groug@kaod.org \
--cc=jkli@xidian.edu.cn \
--cc=mcascell@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=qemu-devel@nongnu.org \
--cc=shawtao1125@gmail.com \
--cc=shenwenbo@zju.edu.cn \
--cc=ywsplz@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).