qemu_test: Rebase force-uid0-on-9p.patch

This reverts commit 3a4e2376e444fd7664102af00a34c65b47e271ec.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

aszlig 0a7673d2 c3c69535

+44 -40
+7 -7
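--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,6 +78,12 @@
 
 # security fixes from debian
 (fetchurl {
+name = "CVE-2016-9602.patch";
+url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
+sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
+})
+
+(fetchurl {
 name = "CVE-2017-2630.patch";
 url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/nbd_client-fix-drop_sync-CVE-2017-2630.patch?h=debian/qemu_2.8%2bdfsg-3";
 sha256 = "1gdxaari53iwgj3gyczz30rhg8lj6xqycxym4snw9z5vmkyj1bbq";
@@ -135,13 +141,7 @@
 (upstreamPatch "CVE-2017-5987" "6e86d90352adf6cb08295255220295cf23c4286e"
 "09yfxf93cisx8rhm0h48ib1ibwfs420k5pqpz8dnz33nci9567jm")
 
-] ++ (if nixosTestRunner then [ ./force-uid0-on-9p.patch ] else [
-(fetchurl {
-name = "CVE-2016-9602.patch";
-url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
-sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
-})
-]);
+] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;
 
 hardeningDisable = [ "stackprotector" ];
 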
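Review bot: The ordering dependency between the two patches is left implicit at `] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;`. Per the commit message the local patch is now rebased on top of CVE-2016-9602.patch, so it applies only while that fetchurl entry stays earlier in the list. A comment above the line would steer the next conflict towards rebasing the local patch instead of dropping the CVE fix from the test-runner build again, e.g. `# force-uid0-on-9p.patch is rebased on CVE-2016-9602.patch; keep it after that entry and never make the two exclusive`. The patches list starts and ends outside the visible hunks.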
+37 -33
pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
··· 1 diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c 2 - index 3f271fc..dc273f4 100644 3 --- a/hw/9pfs/9p-local.c 4 +++ b/hw/9pfs/9p-local.c 5 - @@ -45,6 +45,23 @@ 6 7 #define VIRTFS_META_DIR ".virtfs_metadata" 8 ··· 23 + return 0; 24 +} 25 + 26 - static char *local_mapped_attr_path(FsContext *ctx, const char *path) 27 { 28 - int dirlen; 29 - @@ -128,6 +145,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf) 30 if (err) { 31 goto err_out; 32 } ··· 35 if (fs_ctx->export_flags & V9FS_SM_MAPPED) { 36 /* Actual credentials are part of extended attrs */ 37 uid_t tmp_uid; 38 - @@ -462,6 +481,11 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs, 39 - return ret; 40 - } 41 42 - +static inline int maybe_chmod(const char *path, mode_t mode) 43 - +{ 44 - + return is_in_store_path(path) ? 0 : chmod(path, mode); 45 - +} 46 + 47 - static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) 48 - { 49 - char *buffer; 50 - @@ -477,7 +501,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) 51 - } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) || 52 - (fs_ctx->export_flags & V9FS_SM_NONE)) { 53 - buffer = rpath(fs_ctx, path); 54 - - ret = chmod(buffer, credp->fc_mode); 55 - + ret = maybe_chmod(buffer, credp->fc_mode); 56 - g_free(buffer); 57 - } 58 - return ret; 59 - @@ -621,6 +645,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type, 60 if (err) { 61 return err; 62 } ··· 65 if (fs_ctx->export_flags & V9FS_SM_MAPPED) { 66 /* Actual credentials are part of extended attrs */ 67 uid_t tmp_uid; 68 - 
@@ -916,7 +942,8 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) 69 (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) || 70 (fs_ctx->export_flags & V9FS_SM_NONE)) { 71 - buffer = rpath(fs_ctx, path); 72 - - ret = lchown(buffer, credp->fc_uid, credp->fc_gid); 73 - + ret = is_in_store_path(buffer) 74 - + ? 0 : lchown(buffer, credp->fc_uid, credp->fc_gid); 75 - g_free(buffer); 76 - } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) { 77 - buffer = rpath(fs_ctx, path);
··· 1 diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c 2 + index 45e9a1f9b0..494ee00c66 100644 3 --- a/hw/9pfs/9p-local.c 4 +++ b/hw/9pfs/9p-local.c 5 + @@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags) 6 7 #define VIRTFS_META_DIR ".virtfs_metadata" 8 ··· 23 + return 0; 24 +} 25 + 26 + static FILE *local_fopenat(int dirfd, const char *name, const char *mode) 27 { 28 + int fd, o_mode = 0; 29 + @@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf) 30 if (err) { 31 goto err_out; 32 } ··· 35 if (fs_ctx->export_flags & V9FS_SM_MAPPED) { 36 /* Actual credentials are part of extended attrs */ 37 uid_t tmp_uid; 38 + @@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode) 39 + { 40 + int fd, ret; 41 42 + + if (is_in_store_path(name)) 43 + + return 0; 44 + 45 + /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW). 46 + * Unfortunately, the linux kernel doesn't implement it yet. As an 47 + * alternative, let's open the file and use fchmod() instead. This 48 + @@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type, 49 if (err) { 50 return err; 51 } ··· 54 if (fs_ctx->export_flags & V9FS_SM_MAPPED) { 55 /* Actual credentials are part of extended attrs */ 56 uid_t tmp_uid; 57 + @@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, 58 + if (err) { 59 + goto out; 60 + } 61 + - err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, 62 + - AT_SYMLINK_NOFOLLOW); 63 + + if (is_in_store_path(name)) 64 + + err = 0; 65 + + else 66 + + err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, 67 + + AT_SYMLINK_NOFOLLOW); 68 + if (err == -1) { 69 + /* 70 + * If we fail to change ownership and if we are 71 + 
@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) 72 + goto out; 73 + } 74 + 75 + - if ((credp->fc_uid == -1 && credp->fc_gid == -1) || 76 + + if (is_in_store_path(name)) { 77 + + ret = 0; 78 + + } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) || 79 (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) || 80 (fs_ctx->export_flags & V9FS_SM_NONE)) { 81 + ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
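Review bot: The new guards in `fchmodat_nofollow`, `local_symlink` and `local_chown` pass `name` to `is_in_store_path()`, and `name` is the entry that the following `fchownat(dirfd, name, ...)` calls resolve relative to `dirfd`; the old patch passed the full `rpath()` buffer instead. The helper's body is elided on this page, but if it compares its argument against an absolute store prefix, a dirfd-relative name would not match and the chmod/chown skip for store paths would quietly stop applying in the test runner. Please confirm which path form the helper expects and state it on the helper, e.g. `/* path: absolute host path; a dirfd-relative name will not match */`, or adapt the callers so the check sees a comparable path. The "misc" test passing does not by itself show that these guards still trigger. The enclosing functions begin and end outside the hunks shown.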