[Qemu-stable] [PATCH 02/26] hw/9pfs: use O_NOFOLLOW for mapped readlink

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-stable] [PATCH 02/26] hw/9pfs: use O_NOFOLLOW for mapped readlink

From:	Michael Roth
Subject:	[Qemu-stable] [PATCH 02/26] hw/9pfs: use O_NOFOLLOW for mapped readlink operation
Date:	Wed, 12 Jun 2013 16:41:14 -0500

From: "Aneesh Kumar K.V" <address@hidden>

With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with mapped security model and find real symlinks in export path, never
follow them and return proper error.

Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Aneesh Kumar K.V <address@hidden>
(cherry picked from commit aed858ce10ef09c7bdf03f73e75e772f567c74cd)

Signed-off-by: Michael Roth <address@hidden>
---
 hw/9pfs/virtio-9p-local.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index 6ece6f7..87aa75d 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -284,7 +284,7 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath 
*fs_path,
     if ((fs_ctx->export_flags & V9FS_SM_MAPPED) ||
         (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE)) {
         int fd;
-        fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
+        fd = open(rpath(fs_ctx, path, buffer), O_RDONLY | O_NOFOLLOW);
         if (fd == -1) {
             return -1;
         }
-- 
1.7.9.5

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-stable] Patch Round-up for stable 1.5.1, freeze on 2013-06-19, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 01/26] hw/9pfs: Fix segfault with 9p2000.u, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 03/26] rtl8139: flush queued packets when RxBufPtr is written, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 02/26] hw/9pfs: use O_NOFOLLOW for mapped readlink operation, Michael Roth <=
- [Qemu-stable] [PATCH 04/26] qom/object: Don't poll cast cache for NULL objects, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 05/26] xen: simplify xen_enabled, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 06/26] main_loop: do not set nonblocking if xen_enabled(), Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 07/26] xen_machine_pv: do not create a dummy CPU in machine->init, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 08/26] chardev: fix "info chardev" output, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 09/26] ide: Set BSY bit during FLUSH, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 10/26] Revert "roms: switch oldnoconfig to olddefconfig", Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 12/26] target-i386: fix abort on bad PML4E/PDPTE/PDE/PTE addresses, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 13/26] Remove OSS support for OpenBSD, Michael Roth, 2013/06/12
- [Qemu-stable] [PATCH 14/26] xen: start PCI hole at 0xe0000000 (same as pc_init1 and qemu-xen-traditional), Michael Roth, 2013/06/12

Prev by Date: [Qemu-stable] [PATCH 03/26] rtl8139: flush queued packets when RxBufPtr is written
Next by Date: [Qemu-stable] [PATCH 04/26] qom/object: Don't poll cast cache for NULL objects
Previous by thread: [Qemu-stable] [PATCH 03/26] rtl8139: flush queued packets when RxBufPtr is written
Next by thread: [Qemu-stable] [PATCH 04/26] qom/object: Don't poll cast cache for NULL objects
Index(es):
- Date
- Thread