git.ipfire.org Git - thirdparty/qemu.git/commit

author	Laszlo Ersek <lersek@redhat.com>
	Wed, 24 Apr 2013 11:13:18 +0000 (13:13 +0200)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Tue, 14 May 2013 18:30:33 +0000 (13:30 -0500)
commit	60259539ee9f3b2e5c18fcae2938e7db9ff1e9c0
tree	a3456e368d4ce6f716dffd83b2905b7866b9efd2	tree
parent	93399d08275ff0243ef8c0a2709098bd6192343e	commit \| diff

qga: set umask 0077 when daemonizing (CVE-2013-2007)

The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:

  -rw-rw-rw- 1 root root /var/log/qemu-ga.log
  -rw-rw-rw- 1 root root /var/run/qga.state
  -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log

In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.

For now mask all file mode bits for "group" and "others" in
become_daemon().

Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c689b4f1bac352dcfd6ecb9a1d45337de0f1de67)

Conflicts:

qga/commands-posix.c

*update includes to match stable

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga/commands-posix.c		diff \| blob \| blame \| history
qga/main.c		diff \| blob \| blame \| history