virtiofsd: jail lo->proc_self_fd - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Miklos Szeredi	2020-04-29 14:47:33 +0200
committer	Dr. David Alan Gilbert	2020-05-01 19:46:54 +0200
commit	397ae982f4df46e7d4b2625c431062c9146f3b83 (patch)
tree	7b22232304db1e20f9f9c47b5636e9590331f39d /hw/display/tcx.c
parent	virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) (diff)
download	qemu-397ae982f4df46e7d4b2625c431062c9146f3b83.tar.gz qemu-397ae982f4df46e7d4b2625c431062c9146f3b83.tar.xz qemu-397ae982f4df46e7d4b2625c431062c9146f3b83.zip

virtiofsd: jail lo->proc_self_fd

While it's not possible to escape the proc filesystem through lo->proc_self_fd, it is possible to escape to the root of the proc filesystem itself through "../..". Use a temporary mount for opening lo->proc_self_fd, that has it's root at /proc/self/fd/, preventing access to the ancestor directories. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Message-Id: <20200429124733.22488-1-mszeredi@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

Diffstat (limited to 'hw/display/tcx.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: