aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorChristian Schoenebeck <qemu_oss@crudebyte.com>2023-06-07 18:29:33 +0200
committerMichael Tokarev <mjt@tls.msk.ru>2023-06-08 23:52:29 +0300
commit10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 (patch)
tree0e97f4f23b862516ee74bc4e83541dc6a6eead74 /include
parent07e7102b8eb822d9c035c329382d8a3d9cf9bfd6 (diff)
9pfs: prevent opening special files (CVE-2023-2861)
The 9p protocol does not specifically define how server shall behave when client tries to open a special file, however from security POV it does make sense for 9p server to prohibit opening any special file on host side in general. A sane Linux 9p client for instance would never attempt to open a special file on host side, it would always handle those exclusively on its guest side. A malicious client however could potentially escape from the exported 9p tree by creating and opening a device file on host side. With QEMU this could only be exploited in the following unsafe setups: - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough' security model. or - Using 9p 'proxy' fs driver (which is running its helper daemon as root). These setups were already discouraged for safety reasons before, however for obvious reasons we are now tightening behaviour on this. Fixes: CVE-2023-2861 Reported-by: Yanwu Shen <ywsPlz@gmail.com> Reported-by: Jietao Xiao <shawtao1125@gmail.com> Reported-by: Jinku Li <jkli@xidian.edu.cn> Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com> (cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> (Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions