[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC. |
|
Date: |
Thu, 13 Dec 2018 13:58:28 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Gerd Hoffmann <address@hidden> writes:
> Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
> While being at it also add O_CLOEXEC.
>
> usb-mtp only handles regular files and directories and ignores
> everything else, so users should not see a difference.
>
> Because qemu ignores symlinks carrying out an successfull symlink attack
> requires swapping an existing file or directory below rootdir for a
> symlink and winning the race against the inotify notification to qemu.
>
> Note that the impact of this bug is rather low when qemu is managed by
> libvirt due to qemu running sandboxed, so there isn't much you can gain
> access to that way.
>
> Fixes: CVE-2018-pjp-please-get-one
Ah, looks like we've run out of numbers.
> Cc: Prasad J Pandit <address@hidden>
> Cc: Bandan Das <address@hidden>
> Reported-by: Michael Hanselmann <address@hidden>
> Signed-off-by: Gerd Hoffmann <address@hidden>