summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Mair-Keimberger <mmk@levelnine.at>2023-10-22 10:35:37 +0200
committerJoonas Niilola <juippis@gentoo.org>2023-10-22 19:32:11 +0300
commit196685c68adecedeb3c335e551924cab4aee55ea (patch)
tree0728e9778cd1d36287e0022762be622bf94fcee8 /app-emulation/qemu/files
parentmedia-libs/libsdl2: Drop old 2.26.5-r1 and 2.28.2 (diff)
downloadgentoo-196685c68adecedeb3c335e551924cab4aee55ea.tar.gz
gentoo-196685c68adecedeb3c335e551924cab4aee55ea.tar.bz2
gentoo-196685c68adecedeb3c335e551924cab4aee55ea.zip
app-emulation/qemu: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at> Closes: https://github.com/gentoo/gentoo/pull/33451 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'app-emulation/qemu/files')
-rw-r--r--app-emulation/qemu/files/qemu-7.2.3-CVE-2023-2861.patch162
-rw-r--r--app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch167
2 files changed, 0 insertions, 329 deletions
diff --git a/app-emulation/qemu/files/qemu-7.2.3-CVE-2023-2861.patch b/app-emulation/qemu/files/qemu-7.2.3-CVE-2023-2861.patch
deleted file mode 100644
index 9a9c11a41d66..000000000000
--- a/app-emulation/qemu/files/qemu-7.2.3-CVE-2023-2861.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/909542
-https://gitlab.com/qemu-project/qemu/-/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5
-
-From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001
-From: Christian Schoenebeck <qemu_oss@crudebyte.com>
-Date: Wed, 7 Jun 2023 18:29:33 +0200
-Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
-
-The 9p protocol does not specifically define how server shall behave when
-client tries to open a special file, however from security POV it does
-make sense for 9p server to prohibit opening any special file on host side
-in general. A sane Linux 9p client for instance would never attempt to
-open a special file on host side, it would always handle those exclusively
-on its guest side. A malicious client however could potentially escape
-from the exported 9p tree by creating and opening a device file on host
-side.
-
-With QEMU this could only be exploited in the following unsafe setups:
-
- - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
- security model.
-
-or
-
- - Using 9p 'proxy' fs driver (which is running its helper daemon as
- root).
-
-These setups were already discouraged for safety reasons before,
-however for obvious reasons we are now tightening behaviour on this.
-
-Fixes: CVE-2023-2861
-Reported-by: Yanwu Shen <ywsPlz@gmail.com>
-Reported-by: Jietao Xiao <shawtao1125@gmail.com>
-Reported-by: Jinku Li <jkli@xidian.edu.cn>
-Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
-Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
-Reviewed-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
-(cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
---- a/fsdev/virtfs-proxy-helper.c
-+++ b/fsdev/virtfs-proxy-helper.c
-@@ -26,6 +26,7 @@
- #include "qemu/xattr.h"
- #include "9p-iov-marshal.h"
- #include "hw/9pfs/9p-proxy.h"
-+#include "hw/9pfs/9p-util.h"
- #include "fsdev/9p-iov-marshal.h"
-
- #define PROGNAME "virtfs-proxy-helper"
-@@ -338,6 +339,28 @@ static void resetugid(int suid, int sgid)
- }
- }
-
-+/*
-+ * Open regular file or directory. Attempts to open any special file are
-+ * rejected.
-+ *
-+ * returns file descriptor or -1 on error
-+ */
-+static int open_regular(const char *pathname, int flags, mode_t mode)
-+{
-+ int fd;
-+
-+ fd = open(pathname, flags, mode);
-+ if (fd < 0) {
-+ return fd;
-+ }
-+
-+ if (close_if_special_file(fd) < 0) {
-+ return -1;
-+ }
-+
-+ return fd;
-+}
-+
- /*
- * send response in two parts
- * 1) ProxyHeader
-@@ -682,7 +705,7 @@ static int do_create(struct iovec *iovec)
- if (ret < 0) {
- goto unmarshal_err_out;
- }
-- ret = open(path.data, flags, mode);
-+ ret = open_regular(path.data, flags, mode);
- if (ret < 0) {
- ret = -errno;
- }
-@@ -707,7 +730,7 @@ static int do_open(struct iovec *iovec)
- if (ret < 0) {
- goto err_out;
- }
-- ret = open(path.data, flags);
-+ ret = open_regular(path.data, flags, 0);
- if (ret < 0) {
- ret = -errno;
- }
---- a/hw/9pfs/9p-util.h
-+++ b/hw/9pfs/9p-util.h
-@@ -13,6 +13,8 @@
- #ifndef QEMU_9P_UTIL_H
- #define QEMU_9P_UTIL_H
-
-+#include "qemu/error-report.h"
-+
- #ifdef O_PATH
- #define O_PATH_9P_UTIL O_PATH
- #else
-@@ -112,6 +114,38 @@ static inline void close_preserve_errno(int fd)
- errno = serrno;
- }
-
-+/**
-+ * close_if_special_file() - Close @fd if neither regular file nor directory.
-+ *
-+ * @fd: file descriptor of open file
-+ * Return: 0 on regular file or directory, -1 otherwise
-+ *
-+ * CVE-2023-2861: Prohibit opening any special file directly on host
-+ * (especially device files), as a compromised client could potentially gain
-+ * access outside exported tree under certain, unsafe setups. We expect
-+ * client to handle I/O on special files exclusively on guest side.
-+ */
-+static inline int close_if_special_file(int fd)
-+{
-+ struct stat stbuf;
-+
-+ if (fstat(fd, &stbuf) < 0) {
-+ close_preserve_errno(fd);
-+ return -1;
-+ }
-+ if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) {
-+ error_report_once(
-+ "9p: broken or compromised client detected; attempt to open "
-+ "special file (i.e. neither regular file, nor directory)"
-+ );
-+ close(fd);
-+ errno = ENXIO;
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
- static inline int openat_dir(int dirfd, const char *name)
- {
- return openat(dirfd, name,
-@@ -146,6 +180,10 @@ again:
- return -1;
- }
-
-+ if (close_if_special_file(fd) < 0) {
-+ return -1;
-+ }
-+
- serrno = errno;
- /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
- * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()
---
-GitLab
diff --git a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
deleted file mode 100644
index 75fa534b4f1c..000000000000
--- a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-https://bugs.gentoo.org/909542
-https://gitlab.com/qemu-project/qemu/-/commit/b9d2887be4e616cdaeedd0b7456bfaa71ee798af
-
-From b9d2887be4e616cdaeedd0b7456bfaa71ee798af Mon Sep 17 00:00:00 2001
-From: Christian Schoenebeck <qemu_oss@crudebyte.com>
-Date: Wed, 7 Jun 2023 18:29:33 +0200
-Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
-
-The 9p protocol does not specifically define how server shall behave when
-client tries to open a special file, however from security POV it does
-make sense for 9p server to prohibit opening any special file on host side
-in general. A sane Linux 9p client for instance would never attempt to
-open a special file on host side, it would always handle those exclusively
-on its guest side. A malicious client however could potentially escape
-from the exported 9p tree by creating and opening a device file on host
-side.
-
-With QEMU this could only be exploited in the following unsafe setups:
-
- - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
- security model.
-
-or
-
- - Using 9p 'proxy' fs driver (which is running its helper daemon as
- root).
-
-These setups were already discouraged for safety reasons before,
-however for obvious reasons we are now tightening behaviour on this.
-
-Fixes: CVE-2023-2861
-Reported-by: Yanwu Shen <ywsPlz@gmail.com>
-Reported-by: Jietao Xiao <shawtao1125@gmail.com>
-Reported-by: Jinku Li <jkli@xidian.edu.cn>
-Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
-Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
-Reviewed-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
-(cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
---- a/fsdev/virtfs-proxy-helper.c
-+++ b/fsdev/virtfs-proxy-helper.c
-@@ -26,6 +26,7 @@
- #include "qemu/xattr.h"
- #include "9p-iov-marshal.h"
- #include "hw/9pfs/9p-proxy.h"
-+#include "hw/9pfs/9p-util.h"
- #include "fsdev/9p-iov-marshal.h"
-
- #define PROGNAME "virtfs-proxy-helper"
-@@ -338,6 +339,28 @@ static void resetugid(int suid, int sgid)
- }
- }
-
-+/*
-+ * Open regular file or directory. Attempts to open any special file are
-+ * rejected.
-+ *
-+ * returns file descriptor or -1 on error
-+ */
-+static int open_regular(const char *pathname, int flags, mode_t mode)
-+{
-+ int fd;
-+
-+ fd = open(pathname, flags, mode);
-+ if (fd < 0) {
-+ return fd;
-+ }
-+
-+ if (close_if_special_file(fd) < 0) {
-+ return -1;
-+ }
-+
-+ return fd;
-+}
-+
- /*
- * send response in two parts
- * 1) ProxyHeader
-@@ -682,7 +705,7 @@ static int do_create(struct iovec *iovec)
- if (ret < 0) {
- goto unmarshal_err_out;
- }
-- ret = open(path.data, flags, mode);
-+ ret = open_regular(path.data, flags, mode);
- if (ret < 0) {
- ret = -errno;
- }
-@@ -707,7 +730,7 @@ static int do_open(struct iovec *iovec)
- if (ret < 0) {
- goto err_out;
- }
-- ret = open(path.data, flags);
-+ ret = open_regular(path.data, flags, 0);
- if (ret < 0) {
- ret = -errno;
- }
---- a/hw/9pfs/9p-util.h
-+++ b/hw/9pfs/9p-util.h
-@@ -13,6 +13,8 @@
- #ifndef QEMU_9P_UTIL_H
- #define QEMU_9P_UTIL_H
-
-+#include "qemu/error-report.h"
-+
- #ifdef O_PATH
- #define O_PATH_9P_UTIL O_PATH
- #else
-@@ -95,6 +97,7 @@ static inline int errno_to_dotl(int err) {
- #endif
-
- #define qemu_openat openat
-+#define qemu_fstat fstat
- #define qemu_fstatat fstatat
- #define qemu_mkdirat mkdirat
- #define qemu_renameat renameat
-@@ -108,6 +111,38 @@ static inline void close_preserve_errno(int fd)
- errno = serrno;
- }
-
-+/**
-+ * close_if_special_file() - Close @fd if neither regular file nor directory.
-+ *
-+ * @fd: file descriptor of open file
-+ * Return: 0 on regular file or directory, -1 otherwise
-+ *
-+ * CVE-2023-2861: Prohibit opening any special file directly on host
-+ * (especially device files), as a compromised client could potentially gain
-+ * access outside exported tree under certain, unsafe setups. We expect
-+ * client to handle I/O on special files exclusively on guest side.
-+ */
-+static inline int close_if_special_file(int fd)
-+{
-+ struct stat stbuf;
-+
-+ if (qemu_fstat(fd, &stbuf) < 0) {
-+ close_preserve_errno(fd);
-+ return -1;
-+ }
-+ if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) {
-+ error_report_once(
-+ "9p: broken or compromised client detected; attempt to open "
-+ "special file (i.e. neither regular file, nor directory)"
-+ );
-+ close(fd);
-+ errno = ENXIO;
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
- static inline int openat_dir(int dirfd, const char *name)
- {
- return qemu_openat(dirfd, name,
-@@ -142,6 +177,10 @@ again:
- return -1;
- }
-
-+ if (close_if_special_file(fd) < 0) {
-+ return -1;
-+ }
-+
- serrno = errno;
- /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
- * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()