From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:47104)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1UglA2-0006d7-Ag
	for qemu-devel@nongnu.org; Sun, 26 May 2013 20:19:47 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1Ugl9t-0000wp-2i
	for qemu-devel@nongnu.org; Sun, 26 May 2013 20:19:38 -0400
Message-ID: <51A2A68B.9090703@suse.de>
Date: Mon, 27 May 2013 02:19:23 +0200
From: =?UTF-8?B?QW5kcmVhcyBGw6RyYmVy?= <afaerber@suse.de>
MIME-Version: 1.0
References: <1369575248-31854-1-git-send-email-afaerber@suse.de>
	<51A2A4B6.2030400@redhat.com>
In-Reply-To: <51A2A4B6.2030400@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH stable-1.1] qga: set umask 0077 when
	daemonizing (CVE-2013-2007)
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Laszlo Ersek <lersek@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>, qemu-devel@nongnu.org, qemu-stable@nongnu.org

Am 27.05.2013 02:11, schrieb Laszlo Ersek:
> On 05/26/13 15:34, Andreas F=C3=A4rber wrote:
>> From: Laszlo Ersek <lersek@redhat.com>
>>
>> The qemu guest agent creates a bunch of files with insecure permission=
s
>> when started in daemon mode. For example:
>>
>>   -rw-rw-rw- 1 root root /var/log/qemu-ga.log
>>   -rw-rw-rw- 1 root root /var/run/qga.state
>>   -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log
>>
>> In addition, at least all files created with the "guest-file-open" QMP
>> command, and all files created with shell output redirection (or
>> otherwise) by utilities invoked by the fsfreeze hook script are affect=
ed.
>>
>> For now mask all file mode bits for "group" and "others" in
>> become_daemon().
>>
>> Temporarily, for compatibility reasons, stick with the 0666 file-mode =
in
>> case of files newly created by the "guest-file-open" QMP call. Do so
>> without changing the umask temporarily.
>>
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
>> (cherry picked from commit c689b4f1bac352dcfd6ecb9a1d45337de0f1de67)
>>
>> [AF: Use error_set() instead of error_setg*()]
>> Signed-off-by: Andreas F=C3=A4rber <afaerber@suse.de>
>> ---
>>  qemu-ga.c            |   2 +-
>>  qga/commands-posix.c | 117 ++++++++++++++++++++++++++++++++++++++++++=
+++++++--
>>  2 files changed, 115 insertions(+), 4 deletions(-)
[...]
> Looks good to me.
>=20
> Do you plan to backport
>=20
>   8fe6bbc qga: distinguish binary modes in "guest_file_open_modes" map
>   2b72001 qga: unlink just created guest-file if fchmod() or fdopen()
>           fails on it
>=20
> too? These are considered polish for the CVE fix.

I did backport both to openSUSE 12.2 - they apply without conflicts. :)
I mainly posted this one to check if there are better QERRs to use.

> Also, a side-note: existing world-writable log files etc. are not
> recreated nor have their modes changed, so maybe a release note or some
> such would be useful for admins ("delete your previous logfile &
> optional unix domain socket, or change their modes manually").

Feel free to add a note to the 1.5 Release Notes - it can then be copied
to the previous releases we backport this fix to.

Apart from 1.1 I backported to our 1.3 branch.

Andreas

--=20
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 N=C3=BCrnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imend=C3=B6rffer; HRB 16746 AG N=C3=BC=
rnberg