On Wed, 24 Aug 2016 20:23:22 +0100
Peter Maydell wrote:
> On 24 August 2016 at 17:40, Greg Kurz wrote:
> > On Wed, 24 Aug 2016 16:00:24 +0100
> > Peter Maydell wrote:
> >> Do we also need ".." and "." to be illegal names (for at least most
> >> operations)?
>
> > I understand how ".." coul
On 24 August 2016 at 17:40, Greg Kurz wrote:
> On Wed, 24 Aug 2016 16:00:24 +0100
> Peter Maydell wrote:
>> Do we also need ".." and "." to be illegal names (for at least most
>> operations)?
> I understand how ".." could be an issue, but I don't for "."... can you
> please elaborate ?
If you t
On Wed, Aug 24, 2016 at 04:29:07PM +0200, Greg Kurz wrote:
> At various places in 9pfs, full paths are created by concatenating a guest
> originated string to the export path. A malicious guest could forge a
> relative path and access files outside the export path.
>
> A tentative fix was sent rec
On Wed, Aug 24, 2016 at 06:41:45PM +0200, Greg Kurz wrote:
> On Wed, 24 Aug 2016 18:46:10 +0300
> "Michael S. Tsirkin" wrote:
>
> > On Wed, Aug 24, 2016 at 04:00:24PM +0100, Peter Maydell wrote:
> > > On 24 August 2016 at 15:29, Greg Kurz wrote:
> > > > At various places in 9pfs, full paths ar
On Wed, 24 Aug 2016 18:46:10 +0300
"Michael S. Tsirkin" wrote:
> On Wed, Aug 24, 2016 at 04:00:24PM +0100, Peter Maydell wrote:
> > On 24 August 2016 at 15:29, Greg Kurz wrote:
> > > At various places in 9pfs, full paths are created by concatenating a guest
> > > originated string to the expor
On Wed, 24 Aug 2016 16:00:24 +0100
Peter Maydell wrote:
> On 24 August 2016 at 15:29, Greg Kurz wrote:
> > At various places in 9pfs, full paths are created by concatenating a guest
> > originated string to the export path. A malicious guest could forge a
> > relative path and access files outsi
On Wed, Aug 24, 2016 at 04:00:24PM +0100, Peter Maydell wrote:
> On 24 August 2016 at 15:29, Greg Kurz wrote:
> > At various places in 9pfs, full paths are created by concatenating a guest
> > originated string to the export path. A malicious guest could forge a
> > relative path and access files
On 24 August 2016 at 15:29, Greg Kurz wrote:
> At various places in 9pfs, full paths are created by concatenating a guest
> originated string to the export path. A malicious guest could forge a
> relative path and access files outside the export path.
>
> A tentative fix was sent recently by Prasa
At various places in 9pfs, full paths are created by concatenating a guest
originated string to the export path. A malicious guest could forge a
relative path and access files outside the export path.
A tentative fix was sent recently by Prasad J Pandit, but it was only
focused on the local backen
