* [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: Laszlo Ersek @ 2013-05-08 15:31 UTC (permalink / raw)
  To: eblake, aliguori, peter.maydell, mdroth, qemu-devel

I should have paid more attention to portability and error path cleanup
in the CVE-2013-2007 fix.

(We continue to assume, like the rest of qemu code, that
qemu_set_cloexec() never fails internally. This should be a reasonable
assumption when the input fd is valid.)

Laszlo Ersek (2):
  qga: distinguish binary modes in "guest_file_open_modes" map
  qga: unlink just created guest-file if fchmod() or fdopen() fails on
    it

 qga/commands-posix.c |   25 +++++++++++++++++++------
 1 files changed, 19 insertions(+), 6 deletions(-)


* [Qemu-devel] [PATCH v2 1/2] qga: distinguish binary modes in "guest_file_open_modes" map
From: Laszlo Ersek @ 2013-05-08 15:31 UTC (permalink / raw)
  To: eblake, aliguori, peter.maydell, mdroth, qemu-devel

In Windows guests this may make a difference.

Since the original patch (commit c689b4f1) sought to be pedantic and to
consider theoretical corner cases of portability, we should fix it up
where it failed to come through in that pursuit.

Suggested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 qga/commands-posix.c |   22 ++++++++++++++++------
 1 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 04c6951..2eec712 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -242,17 +242,27 @@ static GuestFileHandle *guest_file_handle_find(int64_t id, Error **err)
 
 typedef const char * const ccpc;
 
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
 /* http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html */
 static const struct {
     ccpc *forms;
     int oflag_base;
 } guest_file_open_modes[] = {
-    { (ccpc[]){ "r",  "rb",         NULL }, O_RDONLY                      },
-    { (ccpc[]){ "w",  "wb",         NULL }, O_WRONLY | O_CREAT | O_TRUNC  },
-    { (ccpc[]){ "a",  "ab",         NULL }, O_WRONLY | O_CREAT | O_APPEND },
-    { (ccpc[]){ "r+", "rb+", "r+b", NULL }, O_RDWR                        },
-    { (ccpc[]){ "w+", "wb+", "w+b", NULL }, O_RDWR   | O_CREAT | O_TRUNC  },
-    { (ccpc[]){ "a+", "ab+", "a+b", NULL }, O_RDWR   | O_CREAT | O_APPEND }
+    { (ccpc[]){ "r",          NULL }, O_RDONLY                                 },
+    { (ccpc[]){ "rb",         NULL }, O_RDONLY                      | O_BINARY },
+    { (ccpc[]){ "w",          NULL }, O_WRONLY | O_CREAT | O_TRUNC             },
+    { (ccpc[]){ "wb",         NULL }, O_WRONLY | O_CREAT | O_TRUNC  | O_BINARY },
+    { (ccpc[]){ "a",          NULL }, O_WRONLY | O_CREAT | O_APPEND            },
+    { (ccpc[]){ "ab",         NULL }, O_WRONLY | O_CREAT | O_APPEND | O_BINARY },
+    { (ccpc[]){ "r+",         NULL }, O_RDWR                                   },
+    { (ccpc[]){ "rb+", "r+b", NULL }, O_RDWR                        | O_BINARY },
+    { (ccpc[]){ "w+",         NULL }, O_RDWR   | O_CREAT | O_TRUNC             },
+    { (ccpc[]){ "wb+", "w+b", NULL }, O_RDWR   | O_CREAT | O_TRUNC  | O_BINARY },
+    { (ccpc[]){ "a+",         NULL }, O_RDWR   | O_CREAT | O_APPEND            },
+    { (ccpc[]){ "ab+", "a+b", NULL }, O_RDWR   | O_CREAT | O_APPEND | O_BINARY }
 };
 
 static int
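Review bot: The `#define O_BINARY 0` fallback at the top of this hunk needs a comment. Where the macro falls back to 0, each "b" row (for example "rb") carries the same oflag_base as its text row ("r"), so the split table looks redundant to a reader on such a platform; a one-line comment saying that 0 makes the flag a no-op there would explain why the rows are kept apart. The text-mode rows also set no explicit flag and so depend on the platform's default translation mode; if that is intended, say so next to the table.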
-- 
1.7.1


* [Qemu-devel] [PATCH v2 2/2] qga: unlink just created guest-file if fchmod() or fdopen() fails on it
From: Laszlo Ersek @ 2013-05-08 15:31 UTC (permalink / raw)
  To: eblake, aliguori, peter.maydell, mdroth, qemu-devel

We shouldn't allow guest filesystem pollution on error paths.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 qga/commands-posix.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 2eec712..e199738 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -355,6 +355,9 @@ safe_open_or_create(const char *path, const char *mode, Error **err)
             }
 
             close(fd);
+            if (oflag & O_CREAT) {
+                unlink(path);
+            }
         }
     }
 
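Review bot: The new `if (oflag & O_CREAT)` test shows that the requested mode permits creation, not that this call created the file. Nothing in the hunk shows that the branch is reached only after an exclusive create, so if `path` could already exist here, `unlink(path)` would remove a file the caller did not make. Please confirm from the code above the hunk that this path follows a successful create, and add a short comment stating that next to the unlink().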
-- 
1.7.1


* Re: [Qemu-devel] [PATCH v2 2/2] qga: unlink just created guest-file if fchmod() or fdopen() fails on it
From: Eric Blake @ 2013-05-08 17:07 UTC (permalink / raw)
  To: Laszlo Ersek; +Cc: peter.maydell, aliguori, mdroth, qemu-devel


On 05/08/2013 09:31 AM, Laszlo Ersek wrote:
> We shouldn't allow guest filesystem pollution on error paths.
> 
> Suggested-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  qga/commands-posix.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

> 
> diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> index 2eec712..e199738 100644
> --- a/qga/commands-posix.c
> +++ b/qga/commands-posix.c
> @@ -355,6 +355,9 @@ safe_open_or_create(const char *path, const char *mode, Error **err)
>              }
>  
>              close(fd);
> +            if (oflag & O_CREAT) {
> +                unlink(path);
> +            }
>          }
>      }
>  
> 
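Review bot: In the added lines, `unlink(path)` runs after `close(fd)` and its return value is dropped. Once the descriptor is closed the removal goes by name only, so it acts on whatever `path` refers to at that moment, and a failed unlink leaves the file behind silently. Consider unlinking before the close and at least logging a failure, without overwriting the error already being reported through `err`.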

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org




* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: Luiz Capitulino @ 2013-05-10 13:29 UTC (permalink / raw)
  To: Laszlo Ersek; +Cc: peter.maydell, aliguori, mdroth, qemu-devel

On Wed,  8 May 2013 17:31:34 +0200
Laszlo Ersek <lersek@redhat.com> wrote:

> I should have paid more attention to portability and error path cleanup
> in the CVE-2013-2007 fix.
> 
> (We continue to assume, like the rest of qemu code, that
> qemu_set_cloexec() never fails internally. This should be a reasonable
> assumption when the input fd is valid.)

Series:

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>

> 
> Laszlo Ersek (2):
>   qga: distinguish binary modes in "guest_file_open_modes" map
>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
>     it
> 
>  qga/commands-posix.c |   25 +++++++++++++++++++------
>  1 files changed, 19 insertions(+), 6 deletions(-)
> 
> 


* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: mdroth @ 2013-05-10 19:30 UTC (permalink / raw)
  To: Laszlo Ersek; +Cc: peter.maydell, aliguori, qemu-devel

On Wed, May 08, 2013 at 05:31:34PM +0200, Laszlo Ersek wrote:
> I should have paid more attention to portability and error path cleanup
> in the CVE-2013-2007 fix.
> 
> (We continue to assume, like the rest of qemu code, that
> qemu_set_cloexec() never fails internally. This should be a reasonable
> assumption when the input fd is valid.)
> 
> Laszlo Ersek (2):
>   qga: distinguish binary modes in "guest_file_open_modes" map
>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
>     it

Thanks, applied to qga branch:

https://github.com/mdroth/qemu/commits/qga

> 
>  qga/commands-posix.c |   25 +++++++++++++++++++------
>  1 files changed, 19 insertions(+), 6 deletions(-)
> 


* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: Laszlo Ersek @ 2013-05-10 19:53 UTC (permalink / raw)
  To: mdroth; +Cc: peter.maydell, aliguori, qemu-devel

On 05/10/13 21:30, mdroth wrote:
> On Wed, May 08, 2013 at 05:31:34PM +0200, Laszlo Ersek wrote:
>> I should have paid more attention to portability and error path cleanup
>> in the CVE-2013-2007 fix.
>>
>> (We continue to assume, like the rest of qemu code, that
>> qemu_set_cloexec() never fails internally. This should be a reasonable
>> assumption when the input fd is valid.)
>>
>> Laszlo Ersek (2):
>>   qga: distinguish binary modes in "guest_file_open_modes" map
>>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
>>     it
> 
> Thanks, applied to qga branch:
> 
> https://github.com/mdroth/qemu/commits/qga

Thanks!

Can you reword the second commit to include Eric's R-b?
<http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg01179.html>

Thanks!
Laszlo


* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: mdroth @ 2013-05-10 20:09 UTC (permalink / raw)
  To: Laszlo Ersek; +Cc: peter.maydell, aliguori, qemu-devel

On Fri, May 10, 2013 at 09:53:27PM +0200, Laszlo Ersek wrote:
> On 05/10/13 21:30, mdroth wrote:
> > On Wed, May 08, 2013 at 05:31:34PM +0200, Laszlo Ersek wrote:
> >> I should have paid more attention to portability and error path cleanup
> >> in the CVE-2013-2007 fix.
> >>
> >> (We continue to assume, like the rest of qemu code, that
> >> qemu_set_cloexec() never fails internally. This should be a reasonable
> >> assumption when the input fd is valid.)
> >>
> >> Laszlo Ersek (2):
> >>   qga: distinguish binary modes in "guest_file_open_modes" map
> >>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
> >>     it
> > 
> > Thanks, applied to qga branch:
> > 
> > https://github.com/mdroth/qemu/commits/qga
> 
> Thanks!
> 
> Can you reword the second commit to include Eric's R-b?
> <http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg01179.html>

Sure, missed that one. Should be fixed in tree now.

> 
> Thanks!
> Laszlo
> 


* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: Andreas Färber @ 2013-05-12 16:47 UTC (permalink / raw)
  To: mdroth, Laszlo Ersek; +Cc: peter.maydell, aliguori, qemu-devel, qemu-stable

On 10.05.2013 22:09, mdroth wrote:
> On Fri, May 10, 2013 at 09:53:27PM +0200, Laszlo Ersek wrote:
>> On 05/10/13 21:30, mdroth wrote:
>>> On Wed, May 08, 2013 at 05:31:34PM +0200, Laszlo Ersek wrote:
>>>> I should have paid more attention to portability and error path cleanup
>>>> in the CVE-2013-2007 fix.
>>>>
>>>> (We continue to assume, like the rest of qemu code, that
>>>> qemu_set_cloexec() never fails internally. This should be a reasonable
>>>> assumption when the input fd is valid.)
>>>>
>>>> Laszlo Ersek (2):
>>>>   qga: distinguish binary modes in "guest_file_open_modes" map
>>>>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
>>>>     it
>>>
>>> Thanks, applied to qga branch:
>>>
>>> https://github.com/mdroth/qemu/commits/qga
>>
>> Thanks!
>>
>> Can you reword the second commit to include Eric's R-b?
>> <http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg01179.html>
> 
> Sure, missed that one. Should be fixed in tree now.

Shouldn't at least the unlinking be backported to stable as well?

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg


* Re: [Qemu-devel] [PATCH v2 0/2] qga umask fix addenda
From: mdroth @ 2013-05-13 11:33 UTC (permalink / raw)
  To: Andreas Färber
  Cc: peter.maydell, aliguori, Laszlo Ersek, qemu-devel, qemu-stable

On Sun, May 12, 2013 at 06:47:05PM +0200, Andreas Färber wrote:
> On 10.05.2013 22:09, mdroth wrote:
> > On Fri, May 10, 2013 at 09:53:27PM +0200, Laszlo Ersek wrote:
> >> On 05/10/13 21:30, mdroth wrote:
> >>> On Wed, May 08, 2013 at 05:31:34PM +0200, Laszlo Ersek wrote:
> >>>> I should have paid more attention to portability and error path cleanup
> >>>> in the CVE-2013-2007 fix.
> >>>>
> >>>> (We continue to assume, like the rest of qemu code, that
> >>>> qemu_set_cloexec() never fails internally. This should be a reasonable
> >>>> assumption when the input fd is valid.)
> >>>>
> >>>> Laszlo Ersek (2):
> >>>>   qga: distinguish binary modes in "guest_file_open_modes" map
> >>>>   qga: unlink just created guest-file if fchmod() or fdopen() fails on
> >>>>     it
> >>>
> >>> Thanks, applied to qga branch:
> >>>
> >>> https://github.com/mdroth/qemu/commits/qga
> >>
> >> Thanks!
> >>
> >> Can you reword the second commit to include Eric's R-b?
> >> <http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg01179.html>
> > 
> > Sure, missed that one. Should be fixed in tree now.
> 
> Shouldn't at least the unlinking be backported to stable as well?

Yes, these are basically updates to the CVE fix, so I think they should all
be applied to stable. I'll send PULL today so hopefully we can get them
into 1.5 prior to patch freeze for 1.4.2. Otherwise I'll backport from the
qga tree.

> 
> Andreas
> 
> -- 
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
> 
