On 30 August 2016 at 14:29, Peter Maydell <peter.mayd...@linaro.org> wrote: > On 30 August 2016 at 18:10, Greg Kurz <gr...@kaod.org> wrote: >> As reported by Felix Wilhelm, at various places in 9pfs, full paths are >> created by concatenating a guest originated string to the export path. A >> malicious guest could forge a relative path and access files outside the >> export path. >> >> A tentative fix was sent recently by Prasad J Pandit, but it was only >> focused on the local backend and did not get a positive review. This series >> tries to address the issue more globally, based on the official 9P spec. >> >> I wasn't running the TUXERA test suite correctly and overlooked a failure >> with symbolic links (thanks Aneesh for your assistance). This v4 is basically >> the same as v3 with a change in patch 1/3. >> >> --- >> >> Greg Kurz (3): >> 9pfs: forbid illegal path names >> 9pfs: forbid . and .. in file names >> 9pfs: handle walk of ".." in the root directory > > I see the cover letter and patches 1 and 2 in my email client > and in patchwork. Where is patch 3? (If it's identical to the v3 > patch 3 I can get that...)
Ah, it just arrived. Applied all to master, thanks. -- PMM
