author | aszlig <aszlig@redmoonstudios.org> | 2017-03-11 14:59:26 +0100 |
committer | aszlig <aszlig@redmoonstudios.org> | 2017-03-11 15:16:49 +0100 |
commit | 0a7673d2029ef69175b8e3ce41677965edde371b (patch) | |
tree | 46e18d5f7ab0c487aa470b632862b94c28100779 /pkgs | |
parent | c3c69535aa9f18f611950655d2e8ffc82521943d (diff) | |
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e444fd7664102af00a34c65b47e271ec. The reverted commit caused the fix for CVE-2016-9602 not to be applied for qemu_test, because it conflicted with force-uid0-on-9p.patch. With that patch now rebased on top of the changes made by CVE-2016-9602.patch, the two patches no longer conflict. I've tested this with the "misc" NixOS test and it succeeds. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/applications/virtualization/qemu/default.nix | 14 | ||||
-rw-r--r-- | pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch | 70 |
2 files changed, 44 insertions, 40 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index ef3cce4808d..e5620b6ce45 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,6 +78,12 @@ stdenv.mkDerivation rec {
# security fixes from debian
(fetchurl {
+ name = "CVE-2016-9602.patch";
+ url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
+ sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
+ })
+
+ (fetchurl {
name = "CVE-2017-2630.patch";
url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/nbd_client-fix-drop_sync-CVE-2017-2630.patch?h=debian/qemu_2.8%2bdfsg-3";
sha256 = "1gdxaari53iwgj3gyczz30rhg8lj6xqycxym4snw9z5vmkyj1bbq";
@@ -135,13 +141,7 @@ stdenv.mkDerivation rec {
(upstreamPatch "CVE-2017-5987" "6e86d90352adf6cb08295255220295cf23c4286e" "09yfxf93cisx8rhm0h48ib1ibwfs420k5pqpz8dnz33nci9567jm")
- ] ++ (if nixosTestRunner then [ ./force-uid0-on-9p.patch ] else [
- (fetchurl {
- name = "CVE-2016-9602.patch";
- url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
- sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
- })
- ]);
+ ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;
hardeningDisable = [ "stackprotector" ];
diff --git a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
index 9578d595129..33c4ffff6fe 100644
--- a/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
+++ b/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
@@ -1,8 +1,8 @@
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index 3f271fc..dc273f4 100644
+index 45e9a1f9b0..494ee00c66 100644
--- a/hw/9pfs/9p-local.c
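Review bot: The position of the new `] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;` line is now load-bearing but undocumented: force-uid0-on-9p.patch has been rebased onto the 9p-local.c that the debian CVE-2016-9602 fix produces, so it only applies cleanly while it stays after that fetchurl entry, and a future reorder of the list would reintroduce the conflict this commit removes. A one-line comment above the appended entry would protect that, e.g. `# rebased on top of CVE-2016-9602.patch above; must stay after it`. The `optional` helper presumably comes from a `with stdenv.lib;` outside the hunk — worth confirming the name resolves, since the removed form used a plain `if` and needed nothing from lib. The enclosing `stdenv.mkDerivation rec {` attribute set begins and ends outside this hunk.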
+++ b/hw/9pfs/9p-local.c
-@@ -45,6 +45,23 @@
+@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags)
#define VIRTFS_META_DIR ".virtfs_metadata"
@@ -23,10 +23,10 @@ index 3f271fc..dc273f4 100644
+ return 0;
+}
+
- static char *local_mapped_attr_path(FsContext *ctx, const char *path)
+ static FILE *local_fopenat(int dirfd, const char *name, const char *mode)
{
- int dirlen;
-@@ -128,6 +145,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
+ int fd, o_mode = 0;
+@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) {
goto err_out;
}
@@ -35,28 +35,17 @@ index 3f271fc..dc273f4 100644
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
-@@ -462,6 +481,11 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs,
- return ret;
- }
+@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
+ {
+ int fd, ret;
-+static inline int maybe_chmod(const char *path, mode_t mode)
-+{
-+ return is_in_store_path(path) ? 0 : chmod(path, mode);
-+}
++ if (is_in_store_path(name))
++ return 0;
+
- static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
- {
- char *buffer;
-@@ -477,7 +501,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
- } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
- (fs_ctx->export_flags & V9FS_SM_NONE)) {
- buffer = rpath(fs_ctx, path);
-- ret = chmod(buffer, credp->fc_mode);
-+ ret = maybe_chmod(buffer, credp->fc_mode);
- g_free(buffer);
- }
- return ret;
-@@ -621,6 +645,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
+ /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
+ * Unfortunately, the linux kernel doesn't implement it yet. As an
+ * alternative, let's open the file and use fchmod() instead. This
+@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
if (err) {
return err;
}
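Review bot: The rebased guard in fchmodat_nofollow, `if (is_in_store_path(name)) return 0;`, is now handed the dirfd-relative `name`, whereas the removed pre-rebase lines tested the full host path obtained from `rpath(fs_ctx, path)`; the same substitution appears in the local_symlink and local_chown hunks that follow, where `name` is likewise the component passed to fchownat alongside `dirfd`. If is_in_store_path is the prefix match its name suggests (its body sits in an earlier hunk outside this view, so this needs confirming), a bare relative name can never carry the store prefix, the exemption silently stops firing, and the chmod/chown is attempted exactly as it would be without the patch — a quiet regression of the patch's whole purpose rather than a loud failure. Either build the full path at the call sites, where the FsContext is still in hand, and pass that to the check, or add a comment stating why a relative name is sufficient here. Separately, the new brace-less `if` bodies (`return 0;` here, the `err = 0;`/`else err = fchownat(...)` pair in the symlink hunk) depart from the file's style visible in the surrounding context lines, which brace every `if`; `if (is_in_store_path(name)) { return 0; }` keeps it consistent. fchmodat_nofollow's body continues past the end of this hunk.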
@@ -65,13 +54,28 @@ index 3f271fc..dc273f4 100644
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
-@@ -916,7 +942,8 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
+@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
+ if (err) {
+ goto out;
+ }
+- err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
+- AT_SYMLINK_NOFOLLOW);
++ if (is_in_store_path(name))
++ err = 0;
++ else
++ err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
++ AT_SYMLINK_NOFOLLOW);
+ if (err == -1) {
+ /*
+ * If we fail to change ownership and if we are
+@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
+ goto out;
+ }
+
+- if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
++ if (is_in_store_path(name)) {
++ ret = 0;
++ } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
(fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
- buffer = rpath(fs_ctx, path);
-- ret = lchown(buffer, credp->fc_uid, credp->fc_gid);
-+ ret = is_in_store_path(buffer)
-+ ? 0 : lchown(buffer, credp->fc_uid, credp->fc_gid);
- g_free(buffer);
- } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
- buffer = rpath(fs_ctx, path);
+ ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, |