Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Thu, 28 Jan 2021 15:00:58 +0100 Miklos Szeredi wrote: > On Thu, Jan 28, 2021 at 1:15 PM Greg Kurz wrote: > > > > On Wed, 27 Jan 2021 16:52:56 +0100 > > Miklos Szeredi wrote: > > > > > On Wed, Jan 27, 2021 at 4:47 PM Miklos Szeredi > > > wrote: > > > > > > > > On Wed, Jan 27, 2021 at 4:35

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Thu, Jan 28, 2021 at 1:15 PM Greg Kurz wrote: > > On Wed, 27 Jan 2021 16:52:56 +0100 > Miklos Szeredi wrote: > > > On Wed, Jan 27, 2021 at 4:47 PM Miklos Szeredi wrote: > > > > > > On Wed, Jan 27, 2021 at 4:35 PM Greg Kurz wrote: > > > > > > > > On Wed, 27 Jan 2021 16:22:49 +0100 > > > >

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, 27 Jan 2021 16:52:56 +0100 Miklos Szeredi wrote: > On Wed, Jan 27, 2021 at 4:47 PM Miklos Szeredi wrote: > > > > On Wed, Jan 27, 2021 at 4:35 PM Greg Kurz wrote: > > > > > > On Wed, 27 Jan 2021 16:22:49 +0100 > > > Miklos Szeredi wrote: > > > > > > > On Wed, Jan 27, 2021 at 4:09 PM

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, Jan 27, 2021 at 4:47 PM Miklos Szeredi wrote: > > On Wed, Jan 27, 2021 at 4:35 PM Greg Kurz wrote: > > > > On Wed, 27 Jan 2021 16:22:49 +0100 > > Miklos Szeredi wrote: > > > > > On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz wrote: > > > > > > > > On Wed, 27 Jan 2021 15:09:50 +0100 > > > >

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, Jan 27, 2021 at 4:35 PM Greg Kurz wrote: > > On Wed, 27 Jan 2021 16:22:49 +0100 > Miklos Szeredi wrote: > > > On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz wrote: > > > > > > On Wed, 27 Jan 2021 15:09:50 +0100 > > > Miklos Szeredi wrote: > > > > The semantics of O_CREATE are that it can

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, 27 Jan 2021 16:22:49 +0100 Miklos Szeredi wrote: > On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz wrote: > > > > On Wed, 27 Jan 2021 15:09:50 +0100 > > Miklos Szeredi wrote: > > > The semantics of O_CREATE are that it can fail neither because the > > > file exists nor because it doesn't.

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz wrote: > > On Wed, 27 Jan 2021 15:09:50 +0100 > Miklos Szeredi wrote: > > The semantics of O_CREATE are that it can fail neither because the > > file exists nor because it doesn't. This doesn't matter if the > > exported tree is not modified outside of

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, 27 Jan 2021 15:09:50 +0100 Miklos Szeredi wrote: > On Wed, Jan 27, 2021 at 2:49 PM Greg Kurz wrote: > > > > On Wed, 27 Jan 2021 11:34:52 +0100 > > Miklos Szeredi wrote: > > > > Another solution specifically for O_CREAT without O_EXCL would be to > > > turn it into an exclusive create.

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, Jan 27, 2021 at 2:49 PM Greg Kurz wrote: > > On Wed, 27 Jan 2021 11:34:52 +0100 > Miklos Szeredi wrote: > > Another solution specifically for O_CREAT without O_EXCL would be to > > turn it into an exclusive create. > > Would this added O_EXCL then appear on the client side, e.g. to >

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, 27 Jan 2021 11:34:52 +0100 Miklos Szeredi wrote: > On Wed, Jan 27, 2021 at 11:20 AM Greg Kurz wrote: > > > > On Wed, 27 Jan 2021 10:25:28 +0100 > > Miklos Szeredi wrote: > > > > > On Tue, Jan 26, 2021 at 6:18 PM Greg Kurz wrote: > > > > > > > > On Tue, 26 Jan 2021 10:35:02 + > > >

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, Jan 27, 2021 at 11:20 AM Greg Kurz wrote: > > On Wed, 27 Jan 2021 10:25:28 +0100 > Miklos Szeredi wrote: > > > On Tue, Jan 26, 2021 at 6:18 PM Greg Kurz wrote: > > > > > > On Tue, 26 Jan 2021 10:35:02 + > > > Stefan Hajnoczi wrote: > > > > > The patch looks pretty good to me. It

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Wed, 27 Jan 2021 10:25:28 +0100 Miklos Szeredi wrote: > On Tue, Jan 26, 2021 at 6:18 PM Greg Kurz wrote: > > > > On Tue, 26 Jan 2021 10:35:02 + > > Stefan Hajnoczi wrote: > > > The patch looks pretty good to me. It just seems to be missing a change in > > lo_create(): > > > > fd =

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Tue, Jan 26, 2021 at 06:16:04PM +0100, Greg Kurz wrote: > On Tue, 26 Jan 2021 10:35:02 + > Stefan Hajnoczi wrote: > > > A well-behaved FUSE client does not attempt to open special files with > > FUSE_OPEN because they are handled on the client side (e.g. device nodes > > are handled by

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Tue, Jan 26, 2021 at 6:18 PM Greg Kurz wrote: > > On Tue, 26 Jan 2021 10:35:02 + > Stefan Hajnoczi wrote: > The patch looks pretty good to me. It just seems to be missing a change in > lo_create(): > > fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW, >

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On Tue, 26 Jan 2021 10:35:02 + Stefan Hajnoczi wrote: > A well-behaved FUSE client does not attempt to open special files with > FUSE_OPEN because they are handled on the client side (e.g. device nodes > are handled by client-side device drivers). > > The check to prevent virtiofsd from

Re: [Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

On 26/01/2021 10:35, Stefan Hajnoczi wrote: A well-behaved FUSE client does not attempt to open special files with FUSE_OPEN because they are handled on the client side (e.g. device nodes are handled by client-side device drivers). The check to prevent virtiofsd from opening special files is