On Tue, 8 Aug 2017 15:28:35 -0500
Eric Blake wrote:
> On 08/08/2017 03:24 PM, Eric Blake wrote:
> > On 08/08/2017 03:10 PM, Philippe Mathieu-Daudé wrote:
> >>> Technically, POSIX says (and 'man 2 open' agrees, modulo the fact that
> >>> Linux still lacks O_SEARCH) that you MUST provide one of t
On Tue, 8 Aug 2017 14:14:18 -0500
Eric Blake wrote:
> On 08/08/2017 12:28 PM, Greg Kurz wrote:
> > This function has to ensure it doesn't follow a symlink that could be used
> > to escape the virtfs directory. This could be easily achieved if fchmodat()
> > on linux honored the AT_SYMLINK_NOFOLLO
On 08/08/2017 03:24 PM, Eric Blake wrote:
> On 08/08/2017 03:10 PM, Philippe Mathieu-Daudé wrote:
>>> Technically, POSIX says (and 'man 2 open' agrees, modulo the fact that
>>> Linux still lacks O_SEARCH) that you MUST provide one of the 5 access
>>> modes (they are O_RDONLY, O_RDWR, O_WRONLY, O_EX
On 08/08/2017 03:10 PM, Philippe Mathieu-Daudé wrote:
>> Technically, POSIX says (and 'man 2 open' agrees, modulo the fact that
>> Linux still lacks O_SEARCH) that you MUST provide one of the 5 access
>> modes (they are O_RDONLY, O_RDWR, O_WRONLY, O_EXEC, and O_SEARCH;
>> although POSIX allows O_EX
On 08/08/2017 04:34 PM, Eric Blake wrote:
On 08/08/2017 01:48 PM, Philippe Mathieu-Daudé wrote:
+fd = openat_file(dirfd, name, O_RDONLY | O_PATH, 0);
since you use O_PATH, you can drop O_RDONLY.
Technically, POSIX says (and 'man 2 open' agrees, modulo the fact that
Linux still lacks O_S
On 08/08/2017 01:48 PM, Philippe Mathieu-Daudé wrote:
>> +fd = openat_file(dirfd, name, O_RDONLY | O_PATH, 0);
>
> since you use O_PATH, you can drop O_RDONLY.
Technically, POSIX says (and 'man 2 open' agrees, modulo the fact that
Linux still lacks O_SEARCH) that you MUST provide one of the
On 08/08/2017 12:28 PM, Greg Kurz wrote:
> This function has to ensure it doesn't follow a symlink that could be used
> to escape the virtfs directory. This could be easily achieved if fchmodat()
> on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
> it doesn't.
>
> The curre
Hi Greg,
is this also related to CVE-2016-9602?
On 08/08/2017 02:28 PM, Greg Kurz wrote:
This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as descri
This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't.
The current implementation covers most use-cases, but it notab