On 03/06/2017 02:29 AM, Greg Kurz wrote:
> We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
> QEMU vulnerable.
>
> While here, we also fix local_unlinkat_common() to use openat_dir() for
> the same reasons (it was a leftover in the original patchset actually).
>
> This fixes CVE-2016-9602.
>
> Signed-off-by: Greg Kurz <gr...@kaod.org>
> Reviewed-by: Daniel P. Berrange <berra...@redhat.com>
> --
> v2: - keep O_PATH (Eric Blake)

Reviewed-by: Eric Blake <ebl...@redhat.com>

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
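The behaviour the commit message describes, as an added example that is not part of the original mail and is not QEMU's code: opening a child directory with openat() with and without O_NOFOLLOW. The helpers `open_child_dir()` and `open_refused()` and the temporary tree under /tmp are hypothetical and constructed for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes O_PATH on glibc */
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_PATH
#define O_PATH 0             /* not available here: fall back to a plain open */
#endif

/* Hypothetical helper (not QEMU's code): open child directory `name` of dirfd. */
static int open_child_dir(int dirfd, const char *name, int nofollow)
{
    int flags = O_DIRECTORY | O_RDONLY | O_PATH;
    if (nofollow)
        flags |= O_NOFOLLOW; /* refuse a symlink in the final component */
    return openat(dirfd, name, flags);
}

/* Constructed tree: <tmp>/real is a directory, <tmp>/link is a symlink to "/".
 * Returns 1 if opening `name` was refused, 0 if it succeeded, -1 on setup error. */
static int open_refused(const char *name, int nofollow)
{
    char tmpl[] = "/tmp/nofollow-demo-XXXXXX";
    int root, fd, refused = -1;

    if (!mkdtemp(tmpl))
        return -1;
    root = open(tmpl, O_DIRECTORY | O_RDONLY);
    if (root >= 0 && mkdirat(root, "real", 0700) == 0 &&
        symlinkat("/", root, "link") == 0) {
        fd = open_child_dir(root, name, nofollow);
        refused = (fd < 0);  /* the open fails when the symlink is rejected */
        if (fd >= 0)
            close(fd);
    }
    if (root >= 0) {         /* clean up the constructed tree */
        unlinkat(root, "link", 0);
        unlinkat(root, "real", AT_REMOVEDIR);
        close(root);
    }
    rmdir(tmpl);
    return refused;
}

int main(void)
{
    /* exit 0 when the symlink is followed without O_NOFOLLOW and refused with it */
    return !(open_refused("link", 0) == 0 && open_refused("link", 1) == 1);
}
```

O_NOFOLLOW only applies to the final path component, so a path with several components has to be opened one component at a time for the check to cover each of them.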