qemu/tools/virtiofsd
Miklos Szeredi 397ae982f4 virtiofsd: jail lo->proc_self_fd
While it's not possible to escape the proc filesystem through
lo->proc_self_fd, it is possible to escape to the root of the proc
filesystem itself through "../..".

Use a temporary mount for opening lo->proc_self_fd, that has its root at
/proc/self/fd/, preventing access to the ancestor directories.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Message-Id: <20200429124733.22488-1-mszeredi@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-05-01 18:46:54 +01:00
50-qemu-virtiofsd.json.in virtiofsd: add vhost-user.json file 2020-01-23 16:41:36 +00:00
buffer.c virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance 2020-01-23 16:41:37 +00:00
fuse_common.h virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV 2020-01-23 16:41:37 +00:00
fuse_i.h virtiofsd: Remove fuse.h and struct fuse_module 2020-02-21 12:53:17 +00:00
fuse_log.c virtiofsd: Fix common header and define for QEMU builds 2020-01-23 16:41:36 +00:00
fuse_log.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
fuse_lowlevel.c tools/virtiofsd/fuse_lowlevel: Fix fuse_out_header::error value 2020-02-21 12:53:17 +00:00
fuse_lowlevel.h virtiofsd: add --rlimit-nofile=NUM option 2020-05-01 18:41:55 +01:00
fuse_misc.h virtiofsd: support nanosecond resolution for file timestamp 2020-01-23 16:41:37 +00:00
fuse_opt.c virtiofsd: Fix common header and define for QEMU builds 2020-01-23 16:41:36 +00:00
fuse_opt.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
fuse_signals.c virtiofsd: convert more fprintf and perror to use fuse log infra 2020-01-23 16:41:37 +00:00
fuse_virtio.c virtiofsd: Fix xattr operations 2020-03-03 15:13:24 +00:00
fuse_virtio.h virtiofsd: cleanup allocated resource in se 2020-01-23 16:41:37 +00:00
helper.c virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) 2020-05-01 18:41:56 +01:00
Makefile.objs virtiofsd: add seccomp whitelist 2020-01-23 16:41:37 +00:00
passthrough_helpers.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
passthrough_ll.c virtiofsd: jail lo->proc_self_fd 2020-05-01 18:46:54 +01:00
seccomp.c virtiofsd: Fix xattr operations 2020-03-03 15:13:24 +00:00
seccomp.h virtiofsd: add --syslog command-line option 2020-01-23 16:41:37 +00:00