Dear Stable,
From this series, the fixes:
virtiofsd: add --rlimit-nofile=NUM option
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
and
virtiofsd: Show submounts
should probably be backported.
Dave
* Dr. David Alan Gilbert (git) (dgilb...@redhat.com) wrote:
> From: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
>
> The following changes since commit 1c47613588ccff44422d4bdeea0dc36a0a308ec7:
>
> Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
> (2020-04-30 19:25:41 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20200501
>
> for you to fetch changes up to 66502bbca37ca7a3bfa57e82cfc03b89a7a11eae:
>
> virtiofsd: drop all capabilities in the wait parent process (2020-05-01
> 20:05:37 +0100)
>
> ----------------------------------------------------------------
> virtiofsd: Pull 2020-05-01 (includes CVE fix)
>
> This set includes a security fix, other fixes and improvements.
>
> Security fix:
> The security fix is for CVE-2020-10717 where, on low RAM hosts,
> the guest can potentially exceed the maximum fd limit.
> This fix adds some more configuration so that the user
> can explicitly set the limit.
> Thank you to Yuval Avrahami for reporting this.
>
> Fixes:
>
> Recursive mounting of the exported directory is now used in
> the sandbox, such that if there was a mount underneath present at
> the time the virtiofsd was started, that mount is also
> visible to the guest; in the existing code, only mounts that
> happened after startup were visible.
>
> Security improvements:
>
> The jailing for /proc/self/fd is improved - but it's something
> that shouldn't be accessible anyway.
>
> Most capabilities are now dropped at startup; again this shouldn't
> change any behaviour but is extra protection.
>
> ----------------------------------------------------------------
> Max Reitz (1):
> virtiofsd: Show submounts
>
> Miklos Szeredi (1):
> virtiofsd: jail lo->proc_self_fd
>
> Stefan Hajnoczi (4):
> virtiofsd: add --rlimit-nofile=NUM option
> virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
> virtiofsd: only retain file system capabilities
> virtiofsd: drop all capabilities in the wait parent process
>
> tools/virtiofsd/fuse_lowlevel.h | 1 +
> tools/virtiofsd/helper.c | 47 ++++++++++++++++++
> tools/virtiofsd/passthrough_ll.c | 102
> ++++++++++++++++++++++++++++++++-------
> 3 files changed, 133 insertions(+), 17 deletions(-)
>
>
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
