On 03/03/2017 10:21 AM, Daniel P. Berrange wrote: >>>> I remember years ago something like O_PATH was not defined on Mac OS >>>> X, >>>> so the solution was to define the constant as zero. Something like >>>> this: >>>> >>>> #ifndef O_PATH >>>> #define O_PATH 0 >>>> #endif >>>> >>>> Maybe this might work in 9p-util.h. >>>>
>> >> +#ifndef O_PATH >> + #define O_PATH 0 >> +#endif > > Isn't the use of O_PATH required in order to fix the recent > security vulnerability in 9p ? If so, then defining it to > 0 means the QEMU is silently becoming vulnerable once again > which I don't think is a good idea. My understanding is that O_PATH is an optimization. It lets openat() succeed in some places where it would ordinarily fail (for example, it can be used to open a dir with mode 0000) - the resulting fd is limited-use (it cannot be used to read() or write(), but CAN be used as the relative fd for a subsequent openat(), for example). If you define O_PATH to 0, then attempts to traverse paths will fail where the could have otherwise succeeded, but failure is okay (the CVE was that we were succeeding at opening through a guest-controlled symlink; whether we now fail or guarantee that we are not going through a symlink is a quality of implementation, but either way, we are at least immune from succeeding through a symlink). -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature