
Comparing changes

base repository: qemu/qemu
base: 45ae97993a75
head repository: qemu/qemu
compare: 5f9dd6a8ce39
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Jun 8, 2023

  1. 9pfs: prevent opening special files (CVE-2023-2861)

    The 9p protocol does not specifically define how server shall behave when
    client tries to open a special file, however from security POV it does
    make sense for 9p server to prohibit opening any special file on host side
    in general. A sane Linux 9p client for instance would never attempt to
    open a special file on host side, it would always handle those exclusively
    on its guest side. A malicious client however could potentially escape
    from the exported 9p tree by creating and opening a device file on host
    side.
    
    With QEMU this could only be exploited in the following unsafe setups:
    
      - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
        security model.
    
    or
    
      - Using 9p 'proxy' fs driver (which is running its helper daemon as
        root).
    
    These setups were already discouraged for safety reasons before,
    however for obvious reasons we are now tightening behaviour on this.
    
    Fixes: CVE-2023-2861
    Reported-by: Yanwu Shen <ywsPlz@gmail.com>
    Reported-by: Jietao Xiao <shawtao1125@gmail.com>
    Reported-by: Jinku Li <jkli@xidian.edu.cn>
    Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
    Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
    Reviewed-by: Greg Kurz <groug@kaod.org>
    Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
    Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
    cschoenebeck committed Jun 8, 2023
    f6b0de5
  2. Merge tag 'pull-9p-20230608' of https://github.com/cschoenebeck/qemu

    …into staging
    
    * Fix for CVE-2023-2861.
    
    # gpg: Signature made Thu 08 Jun 2023 08:09:23 AM PDT
    # gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
    # gpg:                issuer "qemu_oss@crudebyte.com"
    # gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
    #      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395
    
    * tag 'pull-9p-20230608' of https://github.com/cschoenebeck/qemu:
      9pfs: prevent opening special files (CVE-2023-2861)
    
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Jun 8, 2023
    5f9dd6a
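
The check that the first commit message describes (a file server refusing to open special files on the host side), as an added C example; it is not QEMU's code and not part of this page. The helper name `open_no_special`, the demo function and the `/tmp` path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* openat, mkfifoat, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not QEMU's): open `name` below `dirfd`, refusing all
 * but regular files and directories. Assumes `flags` has no O_CREAT. */
int open_no_special(int dirfd, const char *name, int flags)
{
    struct stat st;
    int err = 0;
    /* O_NONBLOCK: no hang on a FIFO or tty (Linux ignores it for regular-file
     * I/O); O_NOCTTY: no controlling tty; O_NOFOLLOW: no final symlink. */
    int fd = openat(dirfd, name, flags | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, so the object checked is the object opened. */
    if (fstat(fd, &st) < 0)
        err = errno;
    else if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode))
        err = ENXIO; /* device node, FIFO, socket */
    if (!err)
        return fd;
    close(fd);
    errno = err;
    return -1;
}

/* Constructed demo: returns 1 when the file opens and the FIFO gets ENXIO. */
int demo_fifo_refused(void)
{
    char dir[] = "/tmp/9p-demo-XXXXXX";
    int dfd = mkdtemp(dir) ? open(dir, O_RDONLY | O_DIRECTORY) : -1;
    close(openat(dfd, "regular", O_CREAT | O_WRONLY, 0600));
    int made = mkfifoat(dfd, "fifo", 0600);
    int a = open_no_special(dfd, "regular", O_RDONLY);
    int b = open_no_special(dfd, "fifo", O_RDONLY);
    int ok = made == 0 && a >= 0 && b < 0 && errno == ENXIO;
    close(a);
    unlinkat(dfd, "regular", 0); unlinkat(dfd, "fifo", 0);
    close(dfd); rmdir(dir);
    return ok;
}

int main(void) { return demo_fifo_refused() == 1 ? 0 : 1; }
```

Built with any C compiler on a POSIX system, the program exits with status 0 when the regular file was opened and the FIFO was refused.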