aboutsummaryrefslogtreecommitdiff
path: root/tcg/s390
diff options
context:
space:
mode:
authorGreg Kurz <groug@kaod.org>2017-02-26 23:44:46 +0100
committerGreg Kurz <groug@kaod.org>2017-02-28 11:21:15 +0100
commit38771613ea6759f499645afd709aa422161eb27e (patch)
treeac69164fab339a162ead32200cd19c512c225d21 /tcg/s390
parentd369f20763a857eac544a5289a046d0285a91df8 (diff)
downloadqemu-38771613ea6759f499645afd709aa422161eb27e.zip
qemu-38771613ea6759f499645afd709aa422161eb27e.tar.gz
qemu-38771613ea6759f499645afd709aa422161eb27e.tar.bz2
9pfs: local: symlink: don't follow symlinks
The local_symlink() callback is vulnerable to symlink attacks because it calls: (1) symlink() which follows symbolic links for all path elements but the rightmost one (2) open(O_NOFOLLOW) which follows symbolic links for all path elements but the rightmost one (3) local_set_xattr()->setxattr() which follows symbolic links for all path elements (4) local_set_mapped_file_attr() which calls in turn local_fopen() and mkdir(), both functions following symbolic links for all path elements but the rightmost one This patch converts local_symlink() to rely on opendir_nofollow() and symlinkat() to fix (1), openat(O_NOFOLLOW) to fix (2), as well as local_set_xattrat() and local_set_mapped_file_attrat() to fix (3) and (4) respectively. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'tcg/s390')
0 files changed, 0 insertions, 0 deletions