qemu/hw
Greg Kurz 996a0d76d7 9pfs: local: open/opendir: don't follow symlinks
The local_open() and local_opendir() callbacks are vulnerable to symlink
attacks because they call:

(1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
    the rightmost one
(2) opendir() which follows symbolic links in all path elements

This patch converts both callbacks to use new helpers based on
openat_nofollow() to only open files and directories if they are
below the virtfs shared folder.

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-02-28 11:21:15 +01:00
9pfs 9pfs: local: open/opendir: don't follow symlinks 2017-02-28 11:21:15 +01:00
acpi change CPUArchId.cpu type to Object* 2017-02-22 11:28:28 +11:00
adc STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00
alpha hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
arm hw: Deprecate -drive if=scsi with non-onboard HBAs 2017-02-21 13:17:45 +01:00
audio es1370: wire up reset via DeviceClass 2017-01-11 09:19:03 +01:00
block block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
bt chardev: qom-ify 2017-01-27 18:08:00 +01:00
char hw/char/mcf_uart: QOMify the ColdFire UART 2017-02-16 14:06:56 +01:00
core This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
cpu Introduce DEVICE_CATEGORY_CPU for CPU devices 2017-01-27 18:07:31 +01:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display virtio-gpu: use dpy_gl_scanout_disable 2017-02-27 16:15:29 +01:00
dma migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
gpio hw/gpio: QOM'ify mpc8xxx.c 2017-01-31 10:10:13 +11:00
i2c arm: Uniquely name imx25 I2C buses. 2017-01-20 11:15:06 +00:00
i386 This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
ide hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
input -----BEGIN PGP SIGNATURE----- 2017-02-02 16:08:28 +00:00
intc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
isa Allow ISA bus to be configured out 2017-02-06 12:33:21 +11:00
lm32 char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
m68k hw/m68k: QOMify the ColdFire interrupt controller 2017-02-18 22:23:31 +01:00
mem pc: memhp: enable nvdimm device hotplug 2016-11-01 19:21:09 +02:00
microblaze clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
mips hw/mips: MIPS Boston board support 2017-02-24 10:37:21 +00:00
misc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net hw/net/spapr_llan: 6 byte mac address device tree entry 2017-02-22 14:28:53 +11:00
nios2 nios2: Add Altera 10M50 GHRD emulation 2017-01-24 13:10:35 -08:00
nvram migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
openrisc target/openrisc: Rename the cpu from or32 to or1k 2017-02-14 08:14:58 +11:00
pci Don't check qobject_type() before qobject_to_qdict() 2017-02-22 19:52:01 +01:00
pci-bridge ppc patch queue 2017-02-02 2017-02-02 18:48:06 +00:00
pci-host ppc patch queue for 2017-02-22 2017-02-24 10:13:57 +00:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
s390x s390x/css: handle format-0 TIC CCW correctly 2017-02-24 10:15:18 +01:00
scsi Changes to -drive without if= and with if=scsi 2017-02-21 13:58:50 +00:00
sd migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
sh4 hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
smbios stubs: move smbios stubs to hw/smbios 2017-01-16 17:52:35 +01:00
sparc hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
sparc64 Pull request for Niagara patches 2017 02 26 2017-02-26 22:40:23 +00:00
ssi aspeed/smc: use a modulo to check segment limits 2017-02-10 17:40:30 +00:00
timer hw/mips_gictimer: provide API for retrieving frequency 2017-02-21 22:24:58 +00:00
tpm clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
tricore tricore: remove useless cast 2016-09-15 15:32:22 +03:00
unicore32 clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
usb xhci: properties cleanup 2017-02-23 16:18:03 +01:00
vfio vfio/pci-quirks.c: Disable stolen memory for igd VFIO 2017-02-22 13:19:59 -07:00
virtio virtio: Fix no interrupt when not creating msi controller 2017-02-17 21:52:30 +02:00
watchdog wdt: Add Aspeed watchdog device model 2017-02-07 18:29:59 +00:00
xen Xen 2017/02/02 2017-02-03 12:31:40 +00:00
xenpv xenpv: Fix qemu_uuid compiling error 2016-09-29 11:43:17 +08:00
xtensa target/xtensa: refactor CCOUNT/CCOMPARE 2017-01-15 13:01:55 -08:00
Makefile.objs acpi: filter based on CONFIG_ACPI_X86 rather than TARGET 2017-01-16 17:52:35 +01:00