On Tue, 30 Aug 2016 15:39:13 -0400 Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 30 August 2016 at 14:29, Peter Maydell <peter.mayd...@linaro.org> wrote:
> > On 30 August 2016 at 18:10, Greg Kurz <gr...@kaod.org> wrote:
> >> As reported by Felix Wilhelm, at various places in 9pfs, full paths are
> >> created by concatenating a guest originated string to the export path. A
> >> malicious guest could forge a relative path and access files outside the
> >> export path.
> >>
> >> A tentative fix was sent recently by Prasad J Pandit, but it was only
> >> focused on the local backend and did not get a positive review. This series
> >> tries to address the issue more globally, based on the official 9P spec.
> >>
> >> I wasn't running the TUXERA test suite correctly and overlooked a failure
> >> with symbolic links (thanks Aneesh for your assistance). This v4 is
> >> basically the same as v3 with a change in patch 1/3.
> >>
> >> ---
> >>
> >> Greg Kurz (3):
> >>       9pfs: forbid illegal path names
> >>       9pfs: forbid . and .. in file names
> >>       9pfs: handle walk of ".." in the root directory
> >
> > I see the cover letter and patches 1 and 2 in my email client
> > and in patchwork. Where is patch 3? (If it's identical to the v3
> > patch 3 I can get that...)
>
> Ah, it just arrived. Applied all to master, thanks.
>
> -- PMM
>

FWIW, this also applies to 2.6.1.

Cheers.

--
Greg
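The three checks named in the series' patch titles, as an added sketch that is not part of this thread and not QEMU's code. The function names are hypothetical, and representing the current directory as a string relative to the export root is an assumption made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not QEMU's. A name is one path element:
 * non-empty and free of '/', so it can never carry a whole relative path. */
static int name_is_legal(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Names used to create, rename or link must also not be "." or "..". */
static int name_is_creatable(const char *name)
{
    return name_is_legal(name) && strcmp(name, ".") && strcmp(name, "..");
}

/* Walk one element from cur (relative to the export root, "" is the root)
 * into out. Returns 0 on success, -1 if the name is rejected or too long.
 * ".." in the root stays in the root; "." stays in place (sketch choice). */
static int walk_one(const char *cur, const char *name, char *out, size_t len)
{
    size_t keep;
    if (!name_is_legal(name) || len == 0) return -1;
    if (strcmp(name, ".") == 0) {
        keep = strlen(cur);
    } else if (strcmp(name, "..") == 0) {
        const char *slash = strrchr(cur, '/');
        keep = slash ? (size_t)(slash - cur) : 0;  /* root has no parent */
    } else {
        int n = snprintf(out, len, "%s%s%s", cur, cur[0] ? "/" : "", name);
        return (n < 0 || (size_t)n >= len) ? -1 : 0;
    }
    if (keep >= len) return -1;
    memmove(out, cur, keep);
    out[keep] = '\0';
    return 0;
}

int main(void)
{
    const char *steps[] = { "..", "share", "..", "..", "../etc" }; /* constructed */
    char path[64] = "", next[64];
    for (size_t i = 0; i < sizeof(steps) / sizeof(steps[0]); i++) {
        int rc = walk_one(path, steps[i], next, sizeof(next));
        if (rc == 0) strcpy(path, next);
        printf("walk %-7s %s, now at \"/%s\"\n", steps[i], rc ? "rejected" : "ok", path);
    }
    printf("create \"..\": %s\n", name_is_creatable("..") ? "ok" : "rejected");
    return 0;
}
```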