From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 14 Feb 2017 14:46:23 +0000 (+0100)
Subject: qemu: Call chmod() after mknod()
X-Git-Tag: CVE-2017-2635~111
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee6ec7824d168cfa28bd67f99772aa0a51473bb3;p=thirdparty%2Flibvirt.git

qemu: Call chmod() after mknod()

mknod() is affected my the current umask, so we're not
guaranteed the newly-created device node will have the
right permissions.

Call chmod(), which is not affected by the current umask,
immediately afterwards to solve the issue.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
---

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f62bf8f1d8..3adec5c140 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7152,6 +7152,16 @@ qemuDomainCreateDeviceRecursive(const char *device,
             }
             goto cleanup;
         }
+
+        /* Set the file permissions again: mknod() is affected by the
+         * current umask, and as such might not have set them correctly */
+        if (create &&
+            chmod(devicePath, sb.st_mode) < 0) {
+            virReportSystemError(errno,
+                                 _("Failed to set permissions for device %s"),
+                                 devicePath);
+            goto cleanup;
+        }
     }
 
     if (!create) {