review.tizen.org Git - platform/upstream/qemu.git/commit

author	Dr. David Alan Gilbert <dgilbert@redhat.com>
	Wed, 24 Feb 2021 19:56:25 +0000 (19:56 +0000)
committer	SoonKyu Park <sk7.park@samsung.com>
	Tue, 23 Nov 2021 04:45:33 +0000 (13:45 +0900)
commit	05f903cc1a0bb170077ef971ca3e86364fb327cb
tree	f9e193f2eec195e5430b40e420936f8b4fc0b784	tree \| snapshot
parent	bf08e1f3c333c4e71b07d9f7c6c8802b84843082	commit \| diff

virtiofs: drop remapped security.capability xattr as needed

Git-commit: e586edcb410543768ef009eaa22a2d9dd4a53846
References: bsc#1183373, CVE-2021-20263

On Linux, the 'security.capability' xattr holds a set of
capabilities that can change when an executable is run, giving
a limited form of privilege escalation to those programs that
the writer of the file deemed worthy.

Any write causes the 'security.capability' xattr to be dropped,
stopping anyone from gaining privilege by modifying a blessed
file.

Fuse relies on the daemon to do this dropping, and in turn the
daemon relies on the host kernel to drop the xattr for it. However,
with the addition of -o xattrmap, the xattr that the guest
stores its capabilities in is now not the same as the one that
the host kernel automatically clears.

Where the mapping changes 'security.capability', explicitly clear
the remapped name to preserve the same behaviour.

This bug is assigned CVE-2021-20263.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>

docs/tools/virtiofsd.rst		diff \| blob \| history
tools/virtiofsd/passthrough_ll.c		diff \| blob \| history