authoraszlig <aszlig@redmoonstudios.org>2017-03-11 14:59:26 +0100
committeraszlig <aszlig@redmoonstudios.org>2017-03-11 15:16:49 +0100
commit0a7673d2029ef69175b8e3ce41677965edde371b (patch)
tree46e18d5f7ab0c487aa470b632862b94c28100779 /pkgs
parentc3c69535aa9f18f611950655d2e8ffc82521943d (diff)
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e444fd7664102af00a34c65b47e271ec.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/virtualization/qemu/default.nix14
-rw-r--r--pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch70
2 files changed, 44 insertions, 40 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index ef3cce4808d..e5620b6ce45 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,6 +78,12 @@ stdenv.mkDerivation rec {
 
     # security fixes from debian
     (fetchurl {
+      name = "CVE-2016-9602.patch";
+      url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
+      sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
+    })
+
+    (fetchurl {
       name = "CVE-2017-2630.patch";
       url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/nbd_client-fix-drop_sync-CVE-2017-2630.patch?h=debian/qemu_2.8%2bdfsg-3";
       sha256 = "1gdxaari53iwgj3gyczz30rhg8lj6xqycxym4snw9z5vmkyj1bbq";
@@ -135,13 +141,7 @@ stdenv.mkDerivation rec {
     (upstreamPatch "CVE-2017-5987" "6e86d90352adf6cb08295255220295cf23c4286e"
       "09yfxf93cisx8rhm0h48ib1ibwfs420k5pqpz8dnz33nci9567jm")
 
-  ] ++ (if nixosTestRunner then [ ./force-uid0-on-9p.patch ] else [
-    (fetchurl {
-      name = "CVE-2016-9602.patch";
-      url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
-      sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
-    })
- ]);
+  ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;
 
   hardeningDisable = [ "stackprotector" ];
 
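Review bot: The `optional nixosTestRunner ./force-uid0-on-9p.patch` entry now depends on the CVE-2016-9602 patch being applied earlier in the same list, because the test-runner patch has been rebased on top of it, and nothing at this line records that. A comment above it such as `# Rebased on top of CVE-2016-9602.patch above; keep it after that entry and re-check it when the security patches change.` would help here. Without it, a later reshuffle of the patch list could reintroduce the conflict that previously led to the CVE fix being dropped for qemu_test.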
diff --git a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
index 9578d595129..33c4ffff6fe 100644
--- a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
+++ b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
@@ -1,8 +1,8 @@
 diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index 3f271fc..dc273f4 100644
+index 45e9a1f9b0..494ee00c66 100644
 --- a/hw/9pfs/9p-local.c
 +++ b/hw/9pfs/9p-local.c
-@@ -45,6 +45,23 @@
+@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags)
  
  #define VIRTFS_META_DIR ".virtfs_metadata"
  
@@ -23,10 +23,10 @@ index 3f271fc..dc273f4 100644
 +    return 0;
 +}
 +
- static char *local_mapped_attr_path(FsContext *ctx, const char *path)
+ static FILE *local_fopenat(int dirfd, const char *name, const char *mode)
  {
-     int dirlen;
-@@ -128,6 +145,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
+     int fd, o_mode = 0;
+@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
      if (err) {
          goto err_out;
      }
@@ -35,28 +35,17 @@ index 3f271fc..dc273f4 100644
      if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
          /* Actual credentials are part of extended attrs */
          uid_t tmp_uid;
-@@ -462,6 +481,11 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs,
-     return ret;
- }
+@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
+ {
+     int fd, ret;
  
-+static inline int maybe_chmod(const char *path, mode_t mode)
-+{
-+    return is_in_store_path(path) ? 0 : chmod(path, mode);
-+}
++    if (is_in_store_path(name))
++        return 0;
 +
- static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
- {
-     char *buffer;
-@@ -477,7 +501,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
-     } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
-                (fs_ctx->export_flags & V9FS_SM_NONE)) {
-         buffer = rpath(fs_ctx, path);
--        ret = chmod(buffer, credp->fc_mode);
-+        ret = maybe_chmod(buffer, credp->fc_mode);
-         g_free(buffer);
-     }
-     return ret;
-@@ -621,6 +645,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
+     /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
+      * Unfortunately, the linux kernel doesn't implement it yet. As an
+      * alternative, let's open the file and use fchmod() instead. This
+@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
      if (err) {
          return err;
      }
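Review bot: The guard added to fchmodat_nofollow() calls `is_in_store_path(name)`, but `name` there is resolved relative to `dirfd`, whereas the removed `maybe_chmod()` was given the full path returned by `rpath()`. The body of is_in_store_path() is outside this hunk, so this is inferred: if it compares its argument against the store directory as a path prefix, a dirfd-relative name may never match and the chmod would no longer be skipped for store paths. The same applies to the `is_in_store_path(name)` calls added to local_symlink() and local_chown() in the next hunk. It is worth confirming what `name` holds at these call sites and recording it at the guard, e.g. `/* name is relative to dirfd, not an absolute path */`.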
@@ -65,13 +54,28 @@ index 3f271fc..dc273f4 100644
      if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
          /* Actual credentials are part of extended attrs */
          uid_t tmp_uid;
-@@ -916,7 +942,8 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
+@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
+         if (err) {
+             goto out;
+         }
+-        err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
+-                       AT_SYMLINK_NOFOLLOW);
++        if (is_in_store_path(name))
++            err = 0;
++        else
++            err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
++                           AT_SYMLINK_NOFOLLOW);
+         if (err == -1) {
+             /*
+              * If we fail to change ownership and if we are
+@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
+         goto out;
+     }
+ 
+-    if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
++    if (is_in_store_path(name)) {
++        ret = 0;
++    } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
          (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
          (fs_ctx->export_flags & V9FS_SM_NONE)) {
-         buffer = rpath(fs_ctx, path);
--        ret = lchown(buffer, credp->fc_uid, credp->fc_gid);
-+        ret = is_in_store_path(buffer)
-+            ? 0 : lchown(buffer, credp->fc_uid, credp->fc_gid);
-         g_free(buffer);
-     } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
-         buffer = rpath(fs_ctx, path);
+         ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
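Review bot: In local_chown() the `is_in_store_path(name)` test is now the first branch of the if/else chain, so it takes precedence over every security-model branch. The removed version skipped the ownership change only inside the passthrough/none branch and left the `V9FS_SM_MAPPED` branch alone. If widening the skip is intended for the test runner, a comment such as `/* store paths keep their ownership in every security model */` would make that explicit; the rest of the chain lies outside the hunk. Separately, the `if`/`else` added in local_symlink() has no braces, unlike the braced form used for local_chown() in the same hunk.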