On Tue, Jan 26, 2021 at 10:35:02AM +0000, Stefan Hajnoczi wrote: > A well-behaved FUSE client does not attempt to open special files with > FUSE_OPEN because they are handled on the client side (e.g. device nodes > are handled by client-side device drivers). > > The check to prevent virtiofsd from opening special files is missing in > a few cases, most notably FUSE_OPEN. A malicious client can cause > virtiofsd to open a device node, potentially allowing the guest to > escape. This can be exploited by a modified guest device driver. It is > not exploitable from guest userspace since the guest kernel will handle > special files inside the guest instead of sending FUSE requests. > > This patch adds the missing checks to virtiofsd. This is a short-term > solution because it does not prevent a compromised virtiofsd process > from opening device nodes on the host. > > Reported-by: Alex Xu <a...@alxu.ca> > Fixes: CVE-2020-35517 > Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> > Reviewed-by: Vivek Goyal <vgo...@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
