yannick.naumann/RT-Task-Generator-QEMU
1
0
Fork 0
forked from alwin.berger/FRET-qemu
Code Pull Requests Activity
RT-Task-Generator-QEMU/hw
History
Greg Kurz a33eda0dd9 9pfs: local: utimensat: don't follow symlinks 
The local_utimensat() callback is vulnerable to symlink attacks because it
calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic
links in all path elements but the rightmost one or qemu_utimens()->utimes()
which follows symbolic links for all path elements.

This patch converts local_utimensat() to rely on opendir_nofollow() and
utimensat(AT_SYMLINK_NOFOLLOW) directly instead of using qemu_utimens().
It is hence assumed that the OS supports utimensat(), i.e. has glibc 2.6
or higher and linux 2.6.22 or higher, which seems reasonable nowadays.

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-02-28 11:21:15 +01:00
..
9pfs
9pfs: local: utimensat: don't follow symlinks
2017-02-28 11:21:15 +01:00
acpi
change CPUArchId.cpu type to Object*
2017-02-22 11:28:28 +11:00
adc
STM32F2xx: Add the ADC device
2016-10-04 13:28:07 +01:00
alpha
hw: Default -drive to if=ide explicitly where it works
2017-02-21 13:10:53 +01:00
arm
hw: Deprecate -drive if=scsi with non-onboard HBAs
2017-02-21 13:17:45 +01:00
audio
es1370: wire up reset via DeviceClass
2017-01-11 09:19:03 +01:00
block
block: explicitly acquire aiocontext in aio callbacks that need it
2017-02-21 11:39:39 +00:00
bt
chardev: qom-ify
2017-01-27 18:08:00 +01:00
char
hw/char/mcf_uart: QOMify the ColdFire UART
2017-02-16 14:06:56 +01:00
core
This is the MTTCG pull-request as posted yesterday.
2017-02-25 18:43:52 +00:00
cpu
Introduce DEVICE_CATEGORY_CPU for CPU devices
2017-01-27 18:07:31 +01:00
cris
cris: Fix broken header guard in hw/cris/boot.h
2016-07-12 16:20:46 +02:00
display
virtio-gpu: use dpy_gl_scanout_disable
2017-02-27 16:15:29 +01:00
dma
migration: consolidate VMStateField.start
2017-02-13 17:27:13 +00:00
gpio
hw/gpio: QOM'ify mpc8xxx.c
2017-01-31 10:10:13 +11:00
i2c
arm: Uniquely name imx25 I2C buses.
2017-01-20 11:15:06 +00:00
i386
This is the MTTCG pull-request as posted yesterday.
2017-02-25 18:43:52 +00:00
ide
hw: Drop superfluous special checks for orphaned -drive
2017-02-21 13:17:45 +01:00
input
-----BEGIN PGP SIGNATURE-----
2017-02-02 16:08:28 +00:00
intc
This is the MTTCG pull-request as posted yesterday.
2017-02-25 18:43:52 +00:00
ipack
ipack: Update e-mail address
2016-05-18 15:04:27 +03:00
ipmi
migration: consolidate VMStateField.start
2017-02-13 17:27:13 +00:00
isa
Allow ISA bus to be configured out
2017-02-06 12:33:21 +11:00
lm32
char: rename CharDriverState Chardev
2017-01-27 18:07:59 +01:00
m68k
hw/m68k: QOMify the ColdFire interrupt controller
2017-02-18 22:23:31 +01:00
mem
pc: memhp: enable nvdimm device hotplug
2016-11-01 19:21:09 +02:00
microblaze
clean-up: removed duplicate #includes
2016-10-28 18:17:24 +03:00
mips
hw/mips: MIPS Boston board support
2017-02-24 10:37:21 +00:00
misc
This is the MTTCG pull-request as posted yesterday.
2017-02-25 18:43:52 +00:00
moxie
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
net
hw/net/spapr_llan: 6 byte mac address device tree entry
2017-02-22 14:28:53 +11:00
nios2
nios2: Add Altera 10M50 GHRD emulation
2017-01-24 13:10:35 -08:00
nvram
migration: consolidate VMStateField.start
2017-02-13 17:27:13 +00:00
openrisc
target/openrisc: Rename the cpu from or32 to or1k
2017-02-14 08:14:58 +11:00
pci
Don't check qobject_type() before qobject_to_qdict()
2017-02-22 19:52:01 +01:00
pci-bridge
ppc patch queue 2017-02-02
2017-02-02 18:48:06 +00:00
pci-host
ppc patch queue for 2017-02-22
2017-02-24 10:13:57 +00:00
pcmcia
hw: Clean up includes
2016-01-29 15:07:25 +00:00
ppc
This is the MTTCG pull-request as posted yesterday.
2017-02-25 18:43:52 +00:00
s390x
s390x/css: handle format-0 TIC CCW correctly
2017-02-24 10:15:18 +01:00
scsi
Changes to -drive without if= and with if=scsi
2017-02-21 13:58:50 +00:00
sd
migration: consolidate VMStateField.start
2017-02-13 17:27:13 +00:00
sh4
hw: Default -drive to if=ide explicitly where it works
2017-02-21 13:10:53 +01:00
smbios
stubs: move smbios stubs to hw/smbios
2017-01-16 17:52:35 +01:00
sparc
hw: Drop superfluous special checks for orphaned -drive
2017-02-21 13:17:45 +01:00
sparc64
Pull request for Niagara patches 2017 02 26
2017-02-26 22:40:23 +00:00
ssi
aspeed/smc: use a modulo to check segment limits
2017-02-10 17:40:30 +00:00
timer
hw/mips_gictimer: provide API for retrieving frequency
2017-02-21 22:24:58 +00:00
tpm
clean-up: removed duplicate #includes
2016-10-28 18:17:24 +03:00
tricore
tricore: remove useless cast
2016-09-15 15:32:22 +03:00
unicore32
clean-up: removed duplicate #includes
2016-10-28 18:17:24 +03:00
usb
xhci: properties cleanup
2017-02-23 16:18:03 +01:00
vfio
vfio/pci-quirks.c: Disable stolen memory for igd VFIO
2017-02-22 13:19:59 -07:00
virtio
virtio: Fix no interrupt when not creating msi controller
2017-02-17 21:52:30 +02:00
watchdog
wdt: Add Aspeed watchdog device model
2017-02-07 18:29:59 +00:00
xen
Xen 2017/02/02
2017-02-03 12:31:40 +00:00
xenpv
xenpv: Fix qemu_uuid compiling error
2016-09-29 11:43:17 +08:00
xtensa
target/xtensa: refactor CCOUNT/CCOMPARE
2017-01-15 13:01:55 -08:00
Makefile.objs
acpi: filter based on CONFIG_ACPI_X86 rather than TARGET
2017-01-16 17:52:35 +01:00