Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
On 05/24/2017 10:54 AM, Greg Kurz wrote: > On Wed, 24 May 2017 00:59:29 +0200 > Leo Gaspardwrote: > >> On 05/23/2017 04:32 PM, Greg Kurz wrote: >>> v2: - posted patch for CVE-2017-7493 separately >>> - other changes available in each patch changelog >>> >>> Leo, >>> >>> If you find time to test this series, I'll gladly add your Tested-by: to >>> it before merging. >> >> Just tested with a base of 2.9.0 with patches [1] [2] (from my >> distribution), [3] (required to apply cleanly) and this patchset. >> >> Things appear to work as expected, and .virtfs_metadata{,_root} appear >> to be neither readable nor writable by any user. >> > > Shall I add your Tested-by: to the patch then ? Hmm, I can't find the definition of Tested-by: on [1], but if it means "tested it by hand without maybe trying all possible edge cases" then I guess you can add it :) >> That said, one thing still bothering me with the fix in [3] is that it >> still "leaks" the host's uid/gid to the guest when a corresponding file >> in .virtfs_metadata is not present (while I'd have expected it to appear >> as root:root in the guest), but that's a separate issue, and I guess >> retro-compatibility prevents any fixing it. >> > > Heh, I had a tentative patch to create root:root credentials and 0700 mode > bits by default... but this could indeed break some setups, so I decided > not to post it. Hmm, maybe adding an option to the security_model=mapped-* that allows to run default to root:root 0700 would allow to keep retrocompat, and in a few versions swap the default value of the parameter? As the 'dscript=no' of -netdev type=tap appears to have disappeared -- and broke my scripts -- in the switch to 1.9.0, I guess such a change would be allowed by the retrocompatibility policy of qemu? Anyway, it's fun to see you had thought of that too! Cheers, Leo [1] http://wiki.qemu.org/Contribute/SubmitAPatch signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
On Wed, 24 May 2017 00:59:29 +0200 Leo Gaspardwrote: > On 05/23/2017 04:32 PM, Greg Kurz wrote: > > v2: - posted patch for CVE-2017-7493 separately > > - other changes available in each patch changelog > > > > Leo, > > > > If you find time to test this series, I'll gladly add your Tested-by: to > > it before merging. > > Just tested with a base of 2.9.0 with patches [1] [2] (from my > distribution), [3] (required to apply cleanly) and this patchset. > > Things appear to work as expected, and .virtfs_metadata{,_root} appear > to be neither readable nor writable by any user. > Shall I add your Tested-by: to the patch then ? > That said, one thing still bothering me with the fix in [3] is that it > still "leaks" the host's uid/gid to the guest when a corresponding file > in .virtfs_metadata is not present (while I'd have expected it to appear > as root:root in the guest), but that's a separate issue, and I guess > retro-compatibility prevents any fixing it. > Heh, I had a tentative patch to create root:root credentials and 0700 mode bits by default... but this could indeed break some setups, so I decided not to post it. > Thanks for these patches! Thanks for the testing! :) Cheers, -- Greg > Leo > > > [1] > https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch > > [2] > https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch > > [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html > pgpY2AamtOOTf.pgp Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
On 05/23/2017 04:32 PM, Greg Kurz wrote: > v2: - posted patch for CVE-2017-7493 separately > - other changes available in each patch changelog > > Leo, > > If you find time to test this series, I'll gladly add your Tested-by: to > it before merging. Just tested with a base of 2.9.0 with patches [1] [2] (from my distribution), [3] (required to apply cleanly) and this patchset. Things appear to work as expected, and .virtfs_metadata{,_root} appear to be neither readable nor writable by any user. That said, one thing still bothering me with the fix in [3] is that it still "leaks" the host's uid/gid to the guest when a corresponding file in .virtfs_metadata is not present (while I'd have expected it to appear as root:root in the guest), but that's a separate issue, and I guess retro-compatibility prevents any fixing it. Thanks for these patches! Leo [1] https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch [2] https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
On Tue, 05/23 17:04, Greg Kurz wrote: > > CC hw/9pfs/9p-xattr-user.o > > In file included from > > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:18:0: > > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c: In function > > ‘local_set_mapped_file_attrat’: > > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-util.h:19:5: error: > > ‘map_dirfd’ may be used uninitialized in this function > > [-Werror=maybe-uninitialized] > > close(fd); > > ^ > > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:235:9: note: > > ‘map_dirfd’ was declared here > > int map_dirfd, map_fd; > > ^ > > cc1: all warnings being treated as errors > > This is a false positive AFAICT... what compiler is this ? It's gcc, as in the snipped package list above. Fam
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
On Tue, 23 May 2017 07:47:09 -0700 (PDT) no-re...@patchew.org wrote: > Hi, > > This series failed build test on s390x host. Please find the details below. > > Message-id: > 149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com > Type: series > Subject: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file > security mode > > === TEST SCRIPT BEGIN === > #!/bin/bash > # Testing script will be invoked under the git checkout with > # HEAD pointing to a commit that has the patches applied on top of "base" > # branch > set -e > echo "=== ENV ===" > env > echo "=== PACKAGES ===" > rpm -qa > echo "=== TEST BEGIN ===" > CC=$HOME/bin/cc > INSTALL=$PWD/install > BUILD=$PWD/build > echo -n "Using CC: " > realpath $CC > mkdir -p $BUILD $INSTALL > SRC=$PWD > cd $BUILD > $SRC/configure --cc=$CC --prefix=$INSTALL > make -j4 > # XXX: we need reliable clean up > # make check -j4 V=1 > make install > === TEST SCRIPT END === > > Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384 [...] > CC hw/9pfs/9p-xattr-user.o > In file included from > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:18:0: > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c: In function > ‘local_set_mapped_file_attrat’: > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-util.h:19:5: error: > ‘map_dirfd’ may be used uninitialized in this function > [-Werror=maybe-uninitialized] > close(fd); > ^ > /var/tmp/patchew-tester-tmp-5niyvzwz/src/hw/9pfs/9p-local.c:235:9: note: > ‘map_dirfd’ was declared here > int map_dirfd, map_fd; > ^ > cc1: all warnings being treated as errors This is a false positive AFAICT... what compiler is this ? > /var/tmp/patchew-tester-tmp-5niyvzwz/src/rules.mak:69: recipe for target > 'hw/9pfs/9p-local.o' failed > make: *** [hw/9pfs/9p-local.o] Error 1 > make: *** Waiting for unfinished jobs > CC hw/9pfs/9p-posix-acl.o > === OUTPUT END === > > Test command exited with code: 2 > > > --- > Email generated automatically by Patchew [http://patchew.org/]. > Please send your feedback to patchew-de...@freelists.org pgplf5wXTcWRF.pgp Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
Hi, This series failed build test on s390x host. Please find the details below. Message-id: 149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com Type: series Subject: [Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode === TEST SCRIPT BEGIN === #!/bin/bash # Testing script will be invoked under the git checkout with # HEAD pointing to a commit that has the patches applied on top of "base" # branch set -e echo "=== ENV ===" env echo "=== PACKAGES ===" rpm -qa echo "=== TEST BEGIN ===" CC=$HOME/bin/cc INSTALL=$PWD/install BUILD=$PWD/build echo -n "Using CC: " realpath $CC mkdir -p $BUILD $INSTALL SRC=$PWD cd $BUILD $SRC/configure --cc=$CC --prefix=$INSTALL make -j4 # XXX: we need reliable clean up # make check -j4 V=1 make install === TEST SCRIPT END === Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384 From https://github.com/patchew-project/qemu * [new tag] patchew/149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com -> patchew/149554993519.23396.2947622015408783770.st...@bahia.lab.toulouse-stg.fr.ibm.com Switched to a new branch 'test' 6203e09 9pfs: local: metadata file for the VirtFS root d1ffae9 9pfs: local: simplify file opening 3a15f99 9pfs: local: resolve special directories in paths 97add45 9pfs: check return value of v9fs_co_name_to_path() === OUTPUT BEGIN === === ENV === XDG_SESSION_ID=63744 SHELL=/bin/sh USER=fam PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug PATH=/usr/bin:/bin PWD=/var/tmp/patchew-tester-tmp-5niyvzwz/src LANG=en_US.UTF-8 HOME=/home/fam SHLVL=2 LOGNAME=fam DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus XDG_RUNTIME_DIR=/run/user/1012 _=/usr/bin/env === PACKAGES === gpg-pubkey-873529b8-54e386ff xz-libs-5.2.2-2.fc24.s390x libxshmfence-1.2-3.fc24.s390x giflib-4.1.6-15.fc24.s390x trousers-lib-0.3.13-6.fc24.s390x ncurses-base-6.0-6.20160709.fc25.noarch gmp-6.1.1-1.fc25.s390x libidn-1.33-1.fc25.s390x slang-2.3.0-7.fc25.s390x libsemanage-2.5-8.fc25.s390x pkgconfig-0.29.1-1.fc25.s390x alsa-lib-1.1.1-2.fc25.s390x yum-metadata-parser-1.1.4-17.fc25.s390x python3-slip-dbus-0.6.4-4.fc25.noarch python2-cssselect-0.9.2-1.fc25.noarch python-fedora-0.8.0-2.fc25.noarch createrepo_c-libs-0.10.0-6.fc25.s390x initscripts-9.69-1.fc25.s390x wget-1.18-2.fc25.s390x dhcp-client-4.3.5-1.fc25.s390x parted-3.2-21.fc25.s390x flex-2.6.0-3.fc25.s390x colord-libs-1.3.4-1.fc25.s390x python-osbs-client-0.33-3.fc25.noarch perl-Pod-Simple-3.35-1.fc25.noarch python2-simplejson-3.10.0-1.fc25.s390x brltty-5.4-2.fc25.s390x librados2-10.2.4-2.fc25.s390x tcp_wrappers-7.6-83.fc25.s390x libcephfs_jni1-10.2.4-2.fc25.s390x nettle-devel-3.3-1.fc25.s390x bzip2-devel-1.0.6-21.fc25.s390x libuuid-2.28.2-2.fc25.s390x pango-1.40.4-1.fc25.s390x python3-dnf-1.1.10-6.fc25.noarch cryptsetup-libs-1.7.4-1.fc25.s390x texlive-kpathsea-doc-svn41139-33.fc25.1.noarch netpbm-10.77.00-3.fc25.s390x openssh-7.4p1-4.fc25.s390x texlive-kpathsea-bin-svn40473-33.20160520.fc25.1.s390x texlive-graphics-svn41015-33.fc25.1.noarch texlive-dvipdfmx-def-svn40328-33.fc25.1.noarch texlive-mfware-svn40768-33.fc25.1.noarch texlive-texlive-scripts-svn41433-33.fc25.1.noarch texlive-euro-svn22191.1.1-33.fc25.1.noarch texlive-etex-svn37057.0-33.fc25.1.noarch texlive-iftex-svn29654.0.2-33.fc25.1.noarch texlive-palatino-svn31835.0-33.fc25.1.noarch texlive-texlive-docindex-svn41430-33.fc25.1.noarch texlive-xunicode-svn30466.0.981-33.fc25.1.noarch texlive-koma-script-svn41508-33.fc25.1.noarch texlive-pst-grad-svn15878.1.06-33.fc25.1.noarch texlive-pst-blur-svn15878.2.0-33.fc25.1.noarch texlive-jknapltx-svn19440.0-33.fc25.1.noarch netpbm-progs-10.77.00-3.fc25.s390x texinfo-6.1-4.fc25.s390x openssl-devel-1.0.2k-1.fc25.s390x python2-sssdconfig-1.15.2-1.fc25.noarch gdk-pixbuf2-2.36.6-1.fc25.s390x mesa-libEGL-13.0.4-3.fc25.s390x pcre-cpp-8.40-6.fc25.s390x pcre-utf16-8.40-6.fc25.s390x glusterfs-extra-xlators-3.10.1-1.fc25.s390x mesa-libGL-devel-13.0.4-3.fc25.s390x nss-devel-3.29.3-1.1.fc25.s390x libaio-0.3.110-6.fc24.s390x libfontenc-1.1.3-3.fc24.s390x lzo-2.08-8.fc24.s390x isl-0.14-5.fc24.s390x libXau-1.0.8-6.fc24.s390x linux-atm-libs-2.5.1-14.fc24.s390x libXext-1.3.3-4.fc24.s390x libXxf86vm-1.1.4-3.fc24.s390x bison-3.0.4-4.fc24.s390x perl-srpm-macros-1-20.fc25.noarch gawk-4.1.3-8.fc25.s390x libwayland-client-1.12.0-1.fc25.s390x perl-Exporter-5.72-366.fc25.noarch perl-version-0.99.17-1.fc25.s390x fftw-libs-double-3.3.5-3.fc25.s390x libssh2-1.8.0-1.fc25.s390x ModemManager-glib-1.6.4-1.fc25.s390x newt-python3-0.52.19-2.fc25.s390x python-munch-2.0.4-3.fc25.noarch python-bugzilla-1.2.2-4.fc25.noarch libedit-3.1-16.20160618cvs.fc25.s390x python-pycurl-7.43.0-4.fc25.s390x createrepo_c-0.10.0-6.fc25.s390x device-mapper-multipath-libs-0.4.9-83.fc25.s390x yum-3.4.3-510.fc25.noarch dhcp-common-4.3.5-1.fc25.noarch dracut-config-rescue-044-78.fc25.s390x teamd-1.26-1.fc25.s390x mozjs17-17.0.0-16.fc25.s
[Qemu-devel] [PATCH v2 0/4] 9pfs: local: fix metadata of mapped-file security mode
v2: - posted patch for CVE-2017-7493 separately - other changes available in each patch changelog Leo, If you find time to test this series, I'll gladly add your Tested-by: to it before merging. Cheers, -- Greg --- Greg Kurz (4): 9pfs: check return value of v9fs_co_name_to_path() 9pfs: local: resolve special directories in paths 9pfs: local: simplify file opening 9pfs: local: metadata file for the VirtFS root hw/9pfs/9p-local.c | 147 ++-- hw/9pfs/9p-util.c | 43 --- hw/9pfs/9p-util.h |2 - hw/9pfs/9p.c | 36 + 4 files changed, 133 insertions(+), 95 deletions(-)