Gerd Hoffmann <kra...@redhat.com> writes: > Open files and directories with O_NOFOLLOW to avoid symlinks attacks. > While being at it also add O_CLOEXEC. > > usb-mtp only handles regular files and directories and ignores > everything else, so users should not see a difference. > > Because qemu ignores symlinks carrying out an successfull symlink attack > requires swapping an existing file or directory below rootdir for a > symlink and winning the race against the inotify notification to qemu. > > Note that the impact of this bug is rather low when qemu is managed by > libvirt due to qemu running sandboxed, so there isn't much you can gain > access to that way. > > Fixes: CVE-2018-pjp-please-get-one
Ah, looks like we've run out of numbers. > Cc: Prasad J Pandit <ppan...@redhat.com> > Cc: Bandan Das <b...@redhat.com> > Reported-by: Michael Hanselmann <pub...@hansmi.ch> > Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
