Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-24 Thread Leo Gaspard 
On 05/24/2017 10:54 AM, Greg Kurz wrote:
> On Wed, 24 May 2017 00:59:29 +0200
> Leo Gaspard  wrote:
> 
>> On 05/23/2017 04:32 PM, Greg Kurz wrote:
>>> v2: - posted patch for CVE-2017-7493 separately
>>> - other changes available in each patch changelog
>>>
>>> Leo,
>>>
>>> If you find time to test this series, I'll gladly add your Tested-by: to
>>> it before merging.  
>>
>> Just tested with a base of 2.9.0 with patches [1] [2] (from my
>> distribution), [3] (required to apply cleanly) and this patchset.
>>
>> Things appear to work as expected, and .virtfs_metadata{,_root} appear
>> to be neither readable nor writable by any user.
>>
> 
> Shall I add your Tested-by: to the patch then ?

Hmm, I can't find the definition of Tested-by: on [1], but if it means
"tested it by hand without maybe trying all possible edge cases" then I
guess you can add it :)

>> That said, one thing still bothering me with the fix in [3] is that it
>> still "leaks" the host's uid/gid to the guest when a corresponding file
>> in .virtfs_metadata is not present (while I'd have expected it to appear
>> as root:root in the guest), but that's a separate issue, and I guess
>> retro-compatibility prevents any fixing it.
>>
> 
> Heh, I had a tentative patch to create root:root credentials and 0700 mode
> bits by default... but this could indeed break some setups, so I decided
> not to post it.

Hmm, maybe adding an option to the security_model=mapped-* that allows
to run default to root:root 0700 would allow to keep retrocompat, and in
a few versions swap the default value of the parameter? As the
'dscript=no' of -netdev type=tap appears to have disappeared -- and
broke my scripts -- in the switch to 1.9.0, I guess such a change would
be allowed by the retrocompatibility policy of qemu?

Anyway, it's fun to see you had thought of that too!

Cheers,
Leo


[1] http://wiki.qemu.org/Contribute/SubmitAPatch



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-24 Thread Greg Kurz 
On Wed, 24 May 2017 00:59:29 +0200
Leo Gaspard  wrote:

> On 05/23/2017 04:32 PM, Greg Kurz wrote:
> > v2: - posted patch for CVE-2017-7493 separately
> > - other changes available in each patch changelog
> > 
> > Leo,
> > 
> > If you find time to test this series, I'll gladly add your Tested-by: to
> > it before merging.  
> 
> Just tested with a base of 2.9.0 with patches [1] [2] (from my
> distribution), [3] (required to apply cleanly) and this patchset.
> 
> Things appear to work as expected, and .virtfs_metadata{,_root} appear
> to be neither readable nor writable by any user.
> 

Shall I add your Tested-by: to the patch then ?

> That said, one thing still bothering me with the fix in [3] is that it
> still "leaks" the host's uid/gid to the guest when a corresponding file
> in .virtfs_metadata is not present (while I'd have expected it to appear
> as root:root in the guest), but that's a separate issue, and I guess
> retro-compatibility prevents any fixing it.
> 

Heh, I had a tentative patch to create root:root credentials and 0700 mode
bits by default... but this could indeed break some setups, so I decided
not to post it.

> Thanks for these patches!

Thanks for the testing! :)

Cheers,

--
Greg

> Leo
> 
> 
> [1]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
> 
> [2]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch
> 
> [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
> 



pgpY2AamtOOTf.pgp
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-23 Thread Leo Gaspard 
On 05/23/2017 04:32 PM, Greg Kurz wrote:
> v2: - posted patch for CVE-2017-7493 separately
> - other changes available in each patch changelog
> 
> Leo,
> 
> If you find time to test this series, I'll gladly add your Tested-by: to
> it before merging.

Just tested with a base of 2.9.0 with patches [1] [2] (from my
distribution), [3] (required to apply cleanly) and this patchset.

Things appear to work as expected, and .virtfs_metadata{,_root} appear
to be neither readable nor writable by any user.

That said, one thing still bothering me with the fix in [3] is that it
still "leaks" the host's uid/gid to the guest when a corresponding file
in .virtfs_metadata is not present (while I'd have expected it to appear
as root:root in the guest), but that's a separate issue, and I guess
retro-compatibility prevents any fixing it.

Thanks for these patches!
Leo


[1]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch

[2]
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch

[3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-23 Thread Fam Zheng 
On Tue, 05/23 17:04, Greg Kurz wrote:
> >   CC  hw/9pfs/9p-xattr-user.o
> > In file included from 
> > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:18:0:
> > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c: In function 
> > ‘local_set_mapped_file_attrat’:
> > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-util.h:19:5: error: 
> > ‘map_dirfd’ may be used uninitialized in this function 
> > [-Werror=maybe-uninitialized]
> >  close(fd);
> >  ^
> > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:235:9: note: 
> > ‘map_dirfd’ was declared here
> >  int map_dirfd, map_fd;
> >  ^
> > cc1: all warnings being treated as errors
> 
> This is a false positive AFAICT... what compiler is this ?

It's gcc, as in the snipped package list above.

Fam

Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-23 Thread Greg Kurz 
On Tue, 23 May 2017 07:47:09 -0700 (PDT)
no-re...@patchew.org wrote:

> Hi,
> 
> This series failed build test on s390x host. Please find the details below.
> 
> Message-id: 
> 149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com
> Type: series
> Subject: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file 
> security mode
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> # Testing script will be invoked under the git checkout with
> # HEAD pointing to a commit that has the patches applied on top of "base"
> # branch
> set -e
> echo "=== ENV ==="
> env
> echo "=== PACKAGES ==="
> rpm -qa
> echo "=== TEST BEGIN ==="
> CC=$HOME/bin/cc
> INSTALL=$PWD/install
> BUILD=$PWD/build
> echo -n "Using CC: "
> realpath $CC
> mkdir -p $BUILD $INSTALL
> SRC=$PWD
> cd $BUILD
> $SRC/configure --cc=$CC --prefix=$INSTALL
> make -j4
> # XXX: we need reliable clean up
> # make check -j4 V=1
> make install
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
[...]
>   CC  hw/9pfs/9p-xattr-user.o
> In file included from 
> /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:18:0:
> /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c: In function 
> ‘local_set_mapped_file_attrat’:
> /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-util.h:19:5: error: 
> ‘map_dirfd’ may be used uninitialized in this function 
> [-Werror=maybe-uninitialized]
>  close(fd);
>  ^
> /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:235:9: note: 
> ‘map_dirfd’ was declared here
>  int map_dirfd, map_fd;
>  ^
> cc1: all warnings being treated as errors

This is a false positive AFAICT... what compiler is this ?

> /var/tmp/patchew-tester-tmp-5niyvzwz/src/rules.mak:69: recipe for target 
> 'hw/9pfs/9p-local.o' failed
> make: *** [hw/9pfs/9p-local.o] Error 1
> make: *** Waiting for unfinished jobs
>   CC  hw/9pfs/9p-posix-acl.o
> === OUTPUT END ===
> 
> Test command exited with code: 2
> 
> 
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-de...@freelists.org


pgplf5wXTcWRF.pgp
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-23 Thread no-reply 
Hi,

This series failed build test on s390x host. Please find the details below.

Message-id: 
149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com
Type: series
Subject: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file 
security mode

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com
 -> 
patchew/149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com
Switched to a new branch 'test'
6203e09 9pfs: local: metadata file for the VirtFS root
d1ffae9 9pfs: local: simplify file opening
3a15f99 9pfs: local: resolve special directories in paths
97add45 9pfs: check return value of v9fs_co_name_to_path()

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=63744
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-5niyvzwz/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
xz-libs-5.2.2-2.fc24.s390x
libxshmfence-1.2-3.fc24.s390x
giflib-4.1.6-15.fc24.s390x
trousers-lib-0.3.13-6.fc24.s390x
ncurses-base-6.0-6.20160709.fc25.noarch
gmp-6.1.1-1.fc25.s390x
libidn-1.33-1.fc25.s390x
slang-2.3.0-7.fc25.s390x
libsemanage-2.5-8.fc25.s390x
pkgconfig-0.29.1-1.fc25.s390x
alsa-lib-1.1.1-2.fc25.s390x
yum-metadata-parser-1.1.4-17.fc25.s390x
python3-slip-dbus-0.6.4-4.fc25.noarch
python2-cssselect-0.9.2-1.fc25.noarch
python-fedora-0.8.0-2.fc25.noarch
createrepo_c-libs-0.10.0-6.fc25.s390x
initscripts-9.69-1.fc25.s390x
wget-1.18-2.fc25.s390x
dhcp-client-4.3.5-1.fc25.s390x
parted-3.2-21.fc25.s390x
flex-2.6.0-3.fc25.s390x
colord-libs-1.3.4-1.fc25.s390x
python-osbs-client-0.33-3.fc25.noarch
perl-Pod-Simple-3.35-1.fc25.noarch
python2-simplejson-3.10.0-1.fc25.s390x
brltty-5.4-2.fc25.s390x
librados2-10.2.4-2.fc25.s390x
tcp_wrappers-7.6-83.fc25.s390x
libcephfs_jni1-10.2.4-2.fc25.s390x
nettle-devel-3.3-1.fc25.s390x
bzip2-devel-1.0.6-21.fc25.s390x
libuuid-2.28.2-2.fc25.s390x
pango-1.40.4-1.fc25.s390x
python3-dnf-1.1.10-6.fc25.noarch
cryptsetup-libs-1.7.4-1.fc25.s390x
texlive-kpathsea-doc-svn41139-33.fc25.1.noarch
netpbm-10.77.00-3.fc25.s390x
openssh-7.4p1-4.fc25.s390x
texlive-kpathsea-bin-svn40473-33.20160520.fc25.1.s390x
texlive-graphics-svn41015-33.fc25.1.noarch
texlive-dvipdfmx-def-svn40328-33.fc25.1.noarch
texlive-mfware-svn40768-33.fc25.1.noarch
texlive-texlive-scripts-svn41433-33.fc25.1.noarch
texlive-euro-svn22191.1.1-33.fc25.1.noarch
texlive-etex-svn37057.0-33.fc25.1.noarch
texlive-iftex-svn29654.0.2-33.fc25.1.noarch
texlive-palatino-svn31835.0-33.fc25.1.noarch
texlive-texlive-docindex-svn41430-33.fc25.1.noarch
texlive-xunicode-svn30466.0.981-33.fc25.1.noarch
texlive-koma-script-svn41508-33.fc25.1.noarch
texlive-pst-grad-svn15878.1.06-33.fc25.1.noarch
texlive-pst-blur-svn15878.2.0-33.fc25.1.noarch
texlive-jknapltx-svn19440.0-33.fc25.1.noarch
netpbm-progs-10.77.00-3.fc25.s390x
texinfo-6.1-4.fc25.s390x
openssl-devel-1.0.2k-1.fc25.s390x
python2-sssdconfig-1.15.2-1.fc25.noarch
gdk-pixbuf2-2.36.6-1.fc25.s390x
mesa-libEGL-13.0.4-3.fc25.s390x
pcre-cpp-8.40-6.fc25.s390x
pcre-utf16-8.40-6.fc25.s390x
glusterfs-extra-xlators-3.10.1-1.fc25.s390x
mesa-libGL-devel-13.0.4-3.fc25.s390x
nss-devel-3.29.3-1.1.fc25.s390x
libaio-0.3.110-6.fc24.s390x
libfontenc-1.1.3-3.fc24.s390x
lzo-2.08-8.fc24.s390x
isl-0.14-5.fc24.s390x
libXau-1.0.8-6.fc24.s390x
linux-atm-libs-2.5.1-14.fc24.s390x
libXext-1.3.3-4.fc24.s390x
libXxf86vm-1.1.4-3.fc24.s390x
bison-3.0.4-4.fc24.s390x
perl-srpm-macros-1-20.fc25.noarch
gawk-4.1.3-8.fc25.s390x
libwayland-client-1.12.0-1.fc25.s390x
perl-Exporter-5.72-366.fc25.noarch
perl-version-0.99.17-1.fc25.s390x
fftw-libs-double-3.3.5-3.fc25.s390x
libssh2-1.8.0-1.fc25.s390x
ModemManager-glib-1.6.4-1.fc25.s390x
newt-python3-0.52.19-2.fc25.s390x
python-munch-2.0.4-3.fc25.noarch
python-bugzilla-1.2.2-4.fc25.noarch
libedit-3.1-16.20160618cvs.fc25.s390x
python-pycurl-7.43.0-4.fc25.s390x
createrepo_c-0.10.0-6.fc25.s390x
device-mapper-multipath-libs-0.4.9-83.fc25.s390x
yum-3.4.3-510.fc25.noarch
dhcp-common-4.3.5-1.fc25.noarch
dracut-config-rescue-044-78.fc25.s390x
teamd-1.26-1.fc25.s390x
mozjs17-17.0.0-16.fc25.s

[Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode

2017-05-23 Thread Greg Kurz 
v2: - posted patch for CVE-2017-7493 separately
- other changes available in each patch changelog

Leo,

If you find time to test this series, I'll gladly add your Tested-by: to
it before merging.

Cheers,

--
Greg

---

Greg Kurz (4):
  9pfs: check return value of v9fs_co_name_to_path()
  9pfs: local: resolve special directories in paths
  9pfs: local: simplify file opening
  9pfs: local: metadata file for the VirtFS root


 hw/9pfs/9p-local.c |  147 ++--
 hw/9pfs/9p-util.c  |   43 ---
 hw/9pfs/9p-util.h  |2 -
 hw/9pfs/9p.c   |   36 +
 4 files changed, 133 insertions(+), 95 deletions(-)