Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

>>> On 5/7/2013 at 05:47 AM, Anthony Liguori wrote: > From: Laszlo Ersek > > The qemu guest agent creates a bunch of files with insecure permissions > when started in daemon mode. For example: > > -rw-rw-rw- 1 root root /var/log/qemu-ga.log > -rw-rw-rw- 1 root root /var/run/qga.state >

Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

Anthony Liguori writes: > Applied. Thanks. Hi, This was an automated response so it doesn't acknowledge the fact that since this was a CVE, I applied the original patch regardless of review feedback to avoid any confusion about whether the CVE has been addressed. In the past, we've modified t

Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

On 05/07/2013 02:28 PM, mdroth wrote: >> >> This points out that: >> >> 1. the documentation for guest-file-open is insufficient to describe our >> limitations (for example, although C11 requires support for the "wx" >> flag, this patch forbids that flag) > > Got a pointer? I can fix up the docs i

Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

On Tue, May 07, 2013 at 09:55:06AM -0600, Eric Blake wrote: > On 05/07/2013 05:47 AM, Anthony Liguori wrote: > > From: Laszlo Ersek > > > > The qemu guest agent creates a bunch of files with insecure permissions > > when started in daemon mode. For example: > > > > -rw-rw-rw- 1 root root /var/

Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

Applied. Thanks. Regards, Anthony Liguori

Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

On 05/07/2013 05:47 AM, Anthony Liguori wrote: > From: Laszlo Ersek > > The qemu guest agent creates a bunch of files with insecure permissions > when started in daemon mode. For example: > > -rw-rw-rw- 1 root root /var/log/qemu-ga.log > -rw-rw-rw- 1 root root /var/run/qga.state > -rw-rw-r

[Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)

From: Laszlo Ersek The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at