On Wed, 24 May 2017 00:59:29 +0200 Leo Gaspard wrote: > On 05/23/2017 04:32 PM, Greg Kurz wrote: > > v2: - posted patch for CVE-2017-7493 separately > > - other changes available in each patch changelog > > > > Leo, > > > > If you find time to test this series, I'll gladly add your Tested-by: to > > it before merging. > > Just tested with a base of 2.9.0 with patches [1] [2] (from my > distribution), [3] (required to apply cleanly) and this patchset. > > Things appear to work as expected, and .virtfs_metadata{,_root} appear > to be neither readable nor writable by any user. > Shall I add your Tested-by: to the patch then ? > That said, one thing still bothering me with the fix in [3] is that it > still "leaks" the host's uid/gid to the guest when a corresponding file > in .virtfs_metadata is not present (while I'd have expected it to appear > as root:root in the guest), but that's a separate issue, and I guess > retro-compatibility prevents any fixing it. > Heh, I had a tentative patch to create root:root credentials and 0700 mode bits by default... but this could indeed break some setups, so I decided not to post it. > Thanks for these patches! Thanks for the testing! :) Cheers, -- Greg > Leo > > > [1] > https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch > > [2] > https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch > > [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html >