On 05/23/2017 04:32 PM, Greg Kurz wrote: > v2: - posted patch for CVE-2017-7493 separately > - other changes available in each patch changelog > > Leo, > > If you find time to test this series, I'll gladly add your Tested-by: to > it before merging.
Just tested with a base of 2.9.0 with patches [1] [2] (from my
distribution), [3] (required to apply cleanly) and this patchset.
Things appear to work as expected, and .virtfs_metadata{,_root} appear
to be neither readable nor writable by any user.
That said, one thing still bothering me with the fix in [3] is that it
still "leaks" the host's uid/gid to the guest when a corresponding file
in .virtfs_metadata is not present (while I'd have expected it to appear
as root:root in the guest), but that's a separate issue, and I guess
retro-compatibility prevents any fixing it.
Thanks for these patches!
Leo
[1]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
[2]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch
[3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
signature.asc
Description: OpenPGP digital signature
