Searched hist:c689b4f1 (Results 1 – 2 of 2) sorted by relevance
/openbmc/qemu/qga/ |
H A D | commands-posix.c | 8fe6bbca Wed May 08 10:31:35 CDT 2013 Laszlo Ersek <lersek@redhat.com> qga: distinguish binary modes in "guest_file_open_modes" map In Windows guests this may make a difference. Since the original patch (commit c689b4f1) sought to be pedantic and to consider theoretical corner cases of portability, we should fix it up where it failed to come through in that pursuit. Suggested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> c689b4f1 Wed Apr 24 06:13:18 CDT 2013 Laszlo Ersek <lersek@redhat.com> qga: set umask 0077 when daemonizing (CVE-2013-2007) The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
H A D | main.c | c689b4f1 Wed Apr 24 06:13:18 CDT 2013 Laszlo Ersek <lersek@redhat.com> qga: set umask 0077 when daemonizing (CVE-2013-2007) The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|