Google Git
Sign in
fuchsia / third_party / qemu / c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
commitc689b4f1bac352dcfd6ecb9a1d45337de0f1de67[log] [tgz]
authorLaszlo Ersek <lersek@redhat.com>Wed Apr 24 13:13:18 2013 +0200
committerAnthony Liguori <aliguori@us.ibm.com>Tue May 07 06:46:26 2013 -0500
treee9432502391143692a6400bf888b0ecbc52ea7fc
parentd7108d90100d5bac5965abef5ed73f2602adae14 [diff]
qga: set umask 0077 when daemonizing (CVE-2013-2007)

The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:

  -rw-rw-rw- 1 root root /var/log/qemu-ga.log
  -rw-rw-rw- 1 root root /var/run/qga.state
  -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log

In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.

For now mask all file mode bits for "group" and "others" in
become_daemon().

Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2 files changed
tree: e9432502391143692a6400bf888b0ecbc52ea7fc
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. ldscripts/
  14. libcacard/
  15. linux-headers/
  16. linux-user/
  17. net/
  18. pc-bios/
  19. po/
  20. qapi/
  21. qga/
  22. QMP/
  23. qobject/
  24. qom/
  25. roms/
  26. scripts/
  27. slirp/
  28. stubs/
  29. sysconfigs/
  30. target-alpha/
  31. target-arm/
  32. target-cris/
  33. target-i386/
  34. target-lm32/
  35. target-m68k/
  36. target-microblaze/
  37. target-mips/
  38. target-moxie/
  39. target-openrisc/
  40. target-ppc/
  41. target-s390x/
  42. target-sh4/
  43. target-sparc/
  44. target-unicore32/
  45. target-xtensa/
  46. tcg/
  47. tests/
  48. trace/
  49. ui/
  50. util/
  51. dtc
  52. pixman
  53. .exrc
  54. .gitignore
  55. .gitmodules
  56. .mailmap
  57. aio-posix.c
  58. aio-win32.c
  59. arch_init.c
  60. async.c
  61. balloon.c
  62. block-migration.c
  63. block.c
  64. blockdev-nbd.c
  65. blockdev.c
  66. blockjob.c
  67. bt-host.c
  68. bt-vhci.c
  69. Changelog
  70. cmd.c
  71. cmd.h
  72. CODING_STYLE
  73. configure
  74. COPYING
  75. COPYING.LIB
  76. coroutine-gthread.c
  77. coroutine-sigaltstack.c
  78. coroutine-ucontext.c
  79. coroutine-win32.c
  80. cpu-exec.c
  81. cpus.c
  82. cputlb.c
  83. device-hotplug.c
  84. device_tree.c
  85. disas.c
  86. dma-helpers.c
  87. dump-stub.c
  88. dump.c
  89. exec.c
  90. gdbstub.c
  91. HACKING
  92. hmp-commands.hx
  93. hmp.c
  94. hmp.h
  95. iohandler.c
  96. ioport.c
  97. kvm-all.c
  98. kvm-stub.c
  99. LICENSE
  100. main-loop.c
  101. MAINTAINERS
  102. Makefile
  103. Makefile.objs
  104. Makefile.target
  105. memory.c
  106. memory_mapping-stub.c
  107. memory_mapping.c
  108. migration-exec.c
  109. migration-fd.c
  110. migration-tcp.c
  111. migration-unix.c
  112. migration.c
  113. monitor.c
  114. nbd.c
  115. os-posix.c
  116. os-win32.c
  117. page_cache.c
  118. qapi-schema-test.json
  119. qapi-schema.json
  120. qdev-monitor.c
  121. qdict-test-data.txt
  122. qemu-bridge-helper.c
  123. qemu-char.c
  124. qemu-coroutine-io.c
  125. qemu-coroutine-lock.c
  126. qemu-coroutine-sleep.c
  127. qemu-coroutine.c
  128. qemu-doc.texi
  129. qemu-img-cmds.hx
  130. qemu-img.c
  131. qemu-img.texi
  132. qemu-io.c
  133. qemu-log.c
  134. qemu-nbd.c
  135. qemu-nbd.texi
  136. qemu-options-wrapper.h
  137. qemu-options.h
  138. qemu-options.hx
  139. qemu-seccomp.c
  140. qemu-tech.texi
  141. qemu-timer.c
  142. qemu.sasl
  143. qmp-commands.hx
  144. qmp.c
  145. qtest.c
  146. readline.c
  147. README
  148. rules.mak
  149. savevm.c
  150. spice-qemu-char.c
  151. tcg-runtime.c
  152. tci.c
  153. thread-pool.c
  154. thunk.c
  155. tpm.c
  156. trace-events
  157. translate-all.c
  158. translate-all.h
  159. user-exec.c
  160. VERSION
  161. version.rc
  162. vl.c
  163. xbzrle.c
  164. xen-all.c
  165. xen-mapcache.c
  166. xen-stub.c