virtiofsd: Security fix
Fixes: CVE-2022-0358 -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAmHxJpQACgkQBRYzHrxb /ecd/xAAl4o5rqmLHIpuzUbCbfYliFkBqn9X1zsZc3VJ1T3e3Vxq36h4kUQGY63g 4KPRghjjO3v3+YU9a3Tmlp704TaalNWhOMCTWnFT28Pet2u6492zDjGUz3h5scms 18NZmyjmFHREumeSFM5s7rgouhhsa8dv8pqrkvIezBAmp6BQDhZThkd4dlx1OTAq zdiOwCmEY/1z55bPFBeU6Tz1BMGgWP+0kqoY2YLFms+kRgWrmacsNsUfdAXSuLr1 jUosr3f96inwts9dlTVR0jdMs1/Dh0eLSuasWa1VgQmak4vYdx3ytiqjf1eaLyjc r41GQOvqyqRy+BqzjXLHkMOXdwMKGTtj9pNBnnKMnEcUA4Kja0d4i37Gf9T3tWT7 WVcA1It3kdYuXPrxY1++toasCv4BId8dofJWnjgULf8gsEgKdLm/Aee9EiUYsBHv OPdX/iQB1B3eyc4g6vZHwnQNx7r2+yvh6eSho9NiRD57u8FZwuHWXudVTrZ9QFwZ AQ7p6b0qf9Un5n7fQ48t2hJKmHLKGZmiLp4zVCqSHP0DF5wImepwgOIHaqxaToN/ iu/Y6tc9UZarNFKA3rSKSlRrerbRVPEL36+1KyYZHOq3685q+xIsK64iVD6Z0FeX 9deb0lOCYQkG/fhetv1HTsCLlqAUK+M4Vk4g+4pd176gjOUBRhw= =7mdJ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20220126' into staging virtiofsd: Security fix Fixes: CVE-2022-0358 # gpg: Signature made Wed 26 Jan 2022 10:46:44 GMT # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert-gitlab/tags/pull-virtiofs-20220126: virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>staging
Peter Maydell
commit
48302d4eb6
|
|
@ -54,6 +54,7 @@
|
|||
#include <sys/wait.h>
|
||||
#include <sys/xattr.h>
|
||||
#include <syslog.h>
|
||||
#include <grp.h>
|
||||
|
||||
#include "qemu/cutils.h"
|
||||
#include "passthrough_helpers.h"
|
||||
|
|
@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
|
|||
#define OURSYS_setresuid SYS_setresuid
|
||||
#endif
|
||||
|
||||
static void drop_supplementary_groups(void)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = getgroups(0, NULL);
|
||||
if (ret == -1) {
|
||||
fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
|
||||
errno, strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!ret) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* Drop all supplementary groups. We should not need it */
|
||||
ret = setgroups(0, NULL);
|
||||
if (ret == -1) {
|
||||
fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
|
||||
errno, strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Change to uid/gid of caller so that file is created with
|
||||
* ownership of caller.
|
||||
|
|
@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
|
|||
|
||||
qemu_init_exec_dir(argv[0]);
|
||||
|
||||
drop_supplementary_groups();
|
||||
|
||||
pthread_mutex_init(&lo.mutex, NULL);
|
||||
lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
|
||||
lo.root.fd = -1;
|
||||
|
|
|
|||
Loading…
Reference in New Issue