From: Peter Maydell
Date: Sun, 21 Oct 2012 10:52:04 +0100
Subject: Re: [Qemu-devel] [PATCH v3 22/26] Add a fallback bios file search, if -L fails.
To: Michael Tokarev
Cc: aliguori@us.ibm.com, juzhang@redhat.com, mst@redhat.com, jan.kiszka@siemens.com, Jason Baron, agraf@suse.de, qemu-devel@nongnu.org, blauwirbel@gmail.com, yamahata@valinux.co.jp, alex.williamson@redhat.com, kevin@koconnor.net, avi@redhat.com, mkletzan@redhat.com, pbonzini@redhat.com, lcapitulino@redhat.com, afaerber@suse.de, armbru@redhat.com, kraxel@redhat.com

On 21 October 2012 08:26, Michael Tokarev wrote:
> On 20.10.2012 00:43, Jason Baron wrote:
>> +char *qemu_find_file(int type, const char *name)
>> +{
>> + char *filename;
>> +
>> + /* Try the name as a straight path first */
>> + if (access(name, R_OK) == 0) {
>> + return g_strdup(name);
>> + }
>
> FWIW, this can be a security issue, when a more privileged
> user tries to run qemu from trusted path (/usr/bin) in a
> directory owned by non-privileged user, to utilize -runas
> or somesuch. I understand it's been this way since the
> beginning.
>
> Maybe we can do a bit better here, like (windows systems
> aside) this:
>
> if (strchr(name, '/') && access(name, R_OK) == 0) {...}

We used to do that, but it was removed in commit 3178320
because it's inconsistent with how we handle other file
access (like -kernel). The documentation says -bios takes
a filename, so it should just take a filename, with no
weird undocumented restrictions.

If you want qemu not to read files from the current working
directory by default the right fix for that is probably to
make those defaults be "foo.bin in the bios path", not
unqualified "foo.bin".

-- PMM
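
Review bot: in qemu_find_file(), the `access(name, R_OK) == 0` test under "Try the name as a straight path first" runs for every name, including one with no directory part, so a bare name is matched against the current working directory before anything else is tried; the comment or the function's documentation should state that explicitly. access() also checks with the real UID/GID rather than the effective ones, and the function returns a copy of the name rather than an open file, so the result is only a hint: whoever opens the returned path still has to handle the open failing or the file having changed in between.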
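
The fix suggested in the reply above (qualify the built-in defaults against the bios path, leave a user-supplied name as a plain filename), shown as an added example that is not QEMU code and not part of the original message. `resolve_firmware`, its parameters and the `/tmp/fwdemo-*` directories are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not QEMU code. Writes the resolved path to out.
 * user_supplied != 0: name came from the command line and is used as a plain
 *   filename, relative to the cwd like any other file option.
 * user_supplied == 0: name is a built-in default and is looked up only under
 *   data_dir, so a same-named file in the cwd is never picked up.
 * Returns 0 on success, -1 if the name is rejected or the file is unreadable. */
int resolve_firmware(const char *name, const char *data_dir, int user_supplied,
                     char *out, size_t outlen)
{
    int n;
    if (user_supplied) {
        n = snprintf(out, outlen, "%s", name);
    } else {
        /* A default must be a bare file name with no directory part. */
        if (name[0] == '\0' || strchr(name, '/') != NULL) {
            return -1;
        }
        n = snprintf(out, outlen, "%s/%s", data_dir, name);
    }
    if (n < 0 || (size_t)n >= outlen) {
        return -1; /* path would be truncated */
    }
    return access(out, R_OK) == 0 ? 0 : -1;
}

/* Constructed scenario: the cwd holds a decoy bios.bin, data_dir holds none.
 * Returns 1 when the default is refused and only an explicit name reads the cwd. */
int demo_default_ignores_cwd(void)
{
    char cwd[64], data[64], out[256];
    FILE *f;
    snprintf(cwd, sizeof(cwd), "/tmp/fwdemo-cwd-%ld", (long)getpid());
    snprintf(data, sizeof(data), "/tmp/fwdemo-data-%ld", (long)getpid());
    if (mkdir(cwd, 0700) != 0 || mkdir(data, 0700) != 0 || chdir(cwd) != 0) {
        return -1;
    }
    if ((f = fopen("bios.bin", "w")) == NULL) {
        return -1;
    }
    fclose(f);
    return resolve_firmware("bios.bin", data, 0, out, sizeof(out)) == -1 &&
           resolve_firmware("bios.bin", data, 1, out, sizeof(out)) == 0;
}
```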