From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39542) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XCXv1-0000T8-04 for qemu-devel@nongnu.org; Wed, 30 Jul 2014 13:44:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XCXut-0001dm-6I for qemu-devel@nongnu.org; Wed, 30 Jul 2014 13:44:02 -0400 Received: from e23smtp03.au.ibm.com ([202.81.31.145]:39450) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XCXus-0001dV-Hq for qemu-devel@nongnu.org; Wed, 30 Jul 2014 13:43:55 -0400 Received: from /spool/local by e23smtp03.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 31 Jul 2014 03:43:49 +1000 Received: from d23relay05.au.ibm.com (d23relay05.au.ibm.com [9.190.235.152]) by d23dlp02.au.ibm.com (Postfix) with ESMTP id 2D1DD2BB0023 for ; Thu, 31 Jul 2014 03:43:46 +1000 (EST) Received: from d23av02.au.ibm.com (d23av02.au.ibm.com [9.190.235.138]) by d23relay05.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id s6UHKdRf6029790 for ; Thu, 31 Jul 2014 03:20:45 +1000 Received: from d23av02.au.ibm.com (localhost [127.0.0.1]) by d23av02.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id s6UHhen3020509 for ; Thu, 31 Jul 2014 03:43:40 +1000 From: "Aneesh Kumar K.V" In-Reply-To: <87k36u3jbv.fsf@linux.vnet.ibm.com> References: <53D90245.2050903@msgid.tls.msk.ru> <87k36u3jbv.fsf@linux.vnet.ibm.com> Date: Wed, 30 Jul 2014 23:13:37 +0530 Message-ID: <87egx23fp2.fsf@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [Qemu-devel] 9p mapped-* security model infos are architecture-specific List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Michael Tokarev , Qemu Development List "Aneesh Kumar K.V" writes: > Michael Tokarev writes: > >> Apparently the the mapped-* security models results in a raw bytes >> being dumped to host without any architecture normalization (in >> host byte order). This may even lead to security issues in guest >> when the same files are served from another host for example. >> >> This bug has been initially submitted against debian qemu package, see >> http://bugs.debian.org/755740 >> > > Thanks for reporting the bug. Yes we do have issue with > mapped-xattr. But mapped-file should be ok. We record the uid/gid as > string in the file. What would be the best way to fix this in a backward compatible way ? Considering most of the users will be little endian host, we could do "always store in little endian format" which of-course will break big-endian hosts. We could possibly ask them to update xattr using external tools ? diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c index 3b0b6a9b1d7d..cd662410420e 100644 --- a/hw/9pfs/virtio-9p-local.c +++ b/hw/9pfs/virtio-9p-local.c @@ -135,17 +135,17 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf) mode_t tmp_mode; dev_t tmp_dev; if (getxattr(buffer, "user.virtfs.uid", &tmp_uid, sizeof(uid_t)) > 0) { - stbuf->st_uid = tmp_uid; + stbuf->st_uid = le32_to_cpu(tmp_uid); } if (getxattr(buffer, "user.virtfs.gid", &tmp_gid, sizeof(gid_t)) > 0) { - stbuf->st_gid = tmp_gid; + stbuf->st_gid = le32_to_cpu(tmp_gid); } if (getxattr(buffer, "user.virtfs.mode", &tmp_mode, sizeof(mode_t)) > 0) { - stbuf->st_mode = tmp_mode; + stbuf->st_mode = le32_to_cpu(tmp_mode); } if (getxattr(buffer, "user.virtfs.rdev", &tmp_dev, sizeof(dev_t)) > 0) { - stbuf->st_rdev = tmp_dev; + stbuf->st_rdev = le64_to_cpu(tmp_dev); } } else if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) { local_mapped_file_attr(fs_ctx, path, stbuf); @@ -255,29 +255,29 @@ static int local_set_xattr(const char *path, FsCred *credp) int err; if (credp->fc_uid != -1) { - err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t), - 0); + uint32_t tmp_uid = cpu_to_le32(credp->fc_uid); + err = setxattr(path, "user.virtfs.uid", &tmp_uid, sizeof(uid_t), 0); if (err) { return err; } } if (credp->fc_gid != -1) { - err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t), - 0); + uint32_t tmp_gid = cpu_to_le32(credp->fc_gid); + err = setxattr(path, "user.virtfs.gid", &tmp_gid, sizeof(gid_t), 0); if (err) { return err; } } if (credp->fc_mode != -1) { - err = setxattr(path, "user.virtfs.mode", &credp->fc_mode, - sizeof(mode_t), 0); + uint32_t tmp_mode = cpu_to_le32(credp->fc_mode); + err = setxattr(path, "user.virtfs.mode", &tmp_mode, sizeof(mode_t), 0); if (err) { return err; } } if (credp->fc_rdev != -1) { - err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev, - sizeof(dev_t), 0); + uint64_t tmp_rdev = cpu_to_le32(credp->fc_rdev); + err = setxattr(path, "user.virtfs.rdev", &tmp_rdev, sizeof(dev_t), 0); if (err) { return err; } @@ -630,21 +630,17 @@ static int local_fstat(FsContext *fs_ctx, int fid_type, mode_t tmp_mode; dev_t tmp_dev; - if (fgetxattr(fd, "user.virtfs.uid", - &tmp_uid, sizeof(uid_t)) > 0) { - stbuf->st_uid = tmp_uid; + if (fgetxattr(fd, "user.virtfs.uid", &tmp_uid, sizeof(uid_t)) > 0) { + stbuf->st_uid = le32_to_cpu(tmp_uid); } - if (fgetxattr(fd, "user.virtfs.gid", - &tmp_gid, sizeof(gid_t)) > 0) { - stbuf->st_gid = tmp_gid; + if (fgetxattr(fd, "user.virtfs.gid", &tmp_gid, sizeof(gid_t)) > 0) { + stbuf->st_gid = le32_to_cpu(tmp_gid); } - if (fgetxattr(fd, "user.virtfs.mode", - &tmp_mode, sizeof(mode_t)) > 0) { - stbuf->st_mode = tmp_mode; + if (fgetxattr(fd, "user.virtfs.mode", &tmp_mode, sizeof(mode_t)) > 0) { + stbuf->st_mode = le32_to_cpu(tmp_mode); } - if (fgetxattr(fd, "user.virtfs.rdev", - &tmp_dev, sizeof(dev_t)) > 0) { - stbuf->st_rdev = tmp_dev; + if (fgetxattr(fd, "user.virtfs.rdev", &tmp_dev, sizeof(dev_t)) > 0) { + stbuf->st_rdev = le64_to_cpu(tmp_dev); } } else if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) { errno = EOPNOTSUPP;