On Mon, Feb 20, 2017 at 03:41:08PM +0100, Greg Kurz wrote: > The local_utimensat() callback is vulnerable to symlink attacks because it > calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic > links in all path elements but the rightmost one or qemu_utimens()->utimes() > which follows symbolic links for all path elements. > > This patch converts local_utimensat() to rely on opendir_nofollow() and > utimensat(AT_SYMLINK_NOFOLLOW) directly instead of using qemu_utimens(). > It is hence assumed that the OS supports utimensat(), i.e. has glibc 2.6 > or higher and linux 2.6.22 or higher, which seems reasonable nowadays. > > This partly fixes CVE-2016-9602. > > Signed-off-by: Greg Kurz <gr...@kaod.org> > --- > hw/9pfs/9p-local.c | 19 +++++++++++++------ > 1 file changed, 13 insertions(+), 6 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
signature.asc
Description: PGP signature
