Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On Wed, 9 Aug 2017 10:59:46 -0500 Eric Blake wrote: > On 08/09/2017 10:22 AM, Greg Kurz wrote: > > >>> > >>> The solution is to use O_PATH: openat() now succeeds in both cases, and we > >>> can ensure the path isn't a symlink with fstat(). The associated entry in > >>>

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On 08/09/2017 10:22 AM, Greg Kurz wrote: >>> >>> The solution is to use O_PATH: openat() now succeeds in both cases, and we >>> can ensure the path isn't a symlink with fstat(). The associated entry in >>> "/proc/self/fd" can hence be safely passed to the regular chmod() syscall. >> >> Hey -

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On Wed, 9 Aug 2017 18:11:51 +0300 Michael Tokarev wrote: > 09.08.2017 17:23, Greg Kurz wrote: > > This function has to ensure it doesn't follow a symlink that could be used > > to escape the virtfs directory. This could be easily achieved if fchmodat() > > on linux honored the

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On Wed, 9 Aug 2017 10:01:14 -0500 Eric Blake wrote: > On 08/09/2017 09:55 AM, Eric Blake wrote: > > On 08/09/2017 09:23 AM, Greg Kurz wrote: > >> This function has to ensure it doesn't follow a symlink that could be used > >> to escape the virtfs directory. This could be

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On Wed, 9 Aug 2017 09:55:32 -0500 Eric Blake wrote: > On 08/09/2017 09:23 AM, Greg Kurz wrote: > > This function has to ensure it doesn't follow a symlink that could be used > > to escape the virtfs directory. This could be easily achieved if fchmodat() > > on linux honored

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

09.08.2017 17:23, Greg Kurz wrote: > This function has to ensure it doesn't follow a symlink that could be used > to escape the virtfs directory. This could be easily achieved if fchmodat() > on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but > it doesn't. > > The current

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On 08/09/2017 09:55 AM, Eric Blake wrote: > On 08/09/2017 09:23 AM, Greg Kurz wrote: >> This function has to ensure it doesn't follow a symlink that could be used >> to escape the virtfs directory. This could be easily achieved if fchmodat() >> on linux honored the AT_SYMLINK_NOFOLLOW flag as

Re: [Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

On 08/09/2017 09:23 AM, Greg Kurz wrote: > This function has to ensure it doesn't follow a symlink that could be used > to escape the virtfs directory. This could be easily achieved if fchmodat() > on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but > it doesn't. Might be

[Qemu-devel] [for-2.10 PATCH v2] 9pfs: local: fix fchmodat_nofollow() limitations

This function has to ensure it doesn't follow a symlink that could be used to escape the virtfs directory. This could be easily achieved if fchmodat() on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but it doesn't. The current implementation covers most use-cases, but it