On Mon, Feb 20, 2017 at 03:41:24PM +0100, Greg Kurz wrote:
> The local_truncate() callback is vulnerable to symlink attacks because
> it calls truncate() which follows symbolic links in all path elements.
>
> This patch converts local_truncate() to rely on open_nofollow() and
> ftruncate() instead.
>
> This partly fixes CVE-2016-9602.
>
> Signed-off-by: Greg Kurz
> ---
>  hw/9pfs/9p-local.c | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)

Reviewed-by: Stefan Hajnoczi
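The behaviour the quoted commit message describes, as an added example that is not part of this mail or of QEMU: path-based truncate() resolves a symlink planted inside an export directory, while a per-component O_NOFOLLOW walk followed by ftruncate() refuses it. The names truncate_nofollow() and demo(), the temporary directory layout and the file contents are constructed for illustration; the helper is a simplified stand-in for the idea behind open_nofollow(), not its implementation, and assumes Linux with POSIX.1-2008 openat().

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in, not QEMU's code: open each element of `path` below
 * rootfd with O_NOFOLLOW (refusing ".." too), then ftruncate() the final fd. */
static int truncate_nofollow(int rootfd, const char *path, off_t size)
{
    char buf[PATH_MAX], *save = NULL, *name, *next;
    int fd, nfd, ret;
    if ((size_t)snprintf(buf, sizeof(buf), "%s", path) >= sizeof(buf))
        return -1;                      /* refuse over-long paths */
    fd = dup(rootfd);
    for (name = strtok_r(buf, "/", &save); fd >= 0 && name; name = next) {
        next = strtok_r(NULL, "/", &save);
        nfd = strcmp(name, "..") ? openat(fd, name, O_NOFOLLOW | O_CLOEXEC |
                  (next ? O_DIRECTORY | O_RDONLY : O_WRONLY)) : -1;
        close(fd);                      /* only the newest fd is kept */
        fd = nfd;
    }
    ret = fd < 0 ? -1 : ftruncate(fd, size);   /* fd < 0: symlink or missing */
    if (fd >= 0)
        close(fd);
    return ret;
}

/* Constructed: <tmp>/secret is outside export <tmp>/root; root/escape -> ".." */
static long demo(int hardened)
{
    char tmp[] = "/tmp/nofollowXXXXXX";
    struct stat st;
    int root, fd, rc;
    if (!mkdtemp(tmp) || chdir(tmp) || mkdir("root", 0700) ||
        symlink("..", "root/escape") || (fd = creat("secret", 0600)) < 0 ||
        write(fd, "0123456789", 10) != 10 || close(fd) ||
        (root = open("root", O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    rc = hardened ? truncate_nofollow(root, "escape/secret", 0)
                  : truncate("root/escape/secret", 0);
    printf("%s: rc=%d\n", hardened ? "O_NOFOLLOW walk" : "truncate()", rc);
    close(root);
    return stat("secret", &st) ? -1 : (long)st.st_size;  /* secret's size */
}

int main(void) { return demo(0) == 0 && demo(1) == 10 ? 0 : 1; }
```

With truncate() the 10-byte file outside the export ends up empty; with the fd-relative walk the call fails and the file keeps its size.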