HGFS: we shouldn't allow-open on blank hostPaths for shares by default

Any user can edit the VMX file and set any host path of a shared folder
to the empty string. For cases where the host path is an empty string
it will cause every host drive to be shared with the guest VM.
This should not be allowed to occur by default in case a user mistakenly
sets or maliciously sets the string to empty. It should only be allowed
when a user is intending that behavior and understands the potential
issues.

To fix this I have added an additional VMX config file setting that a user
would have to explicitly set to enable this feature and set a shared folder
to an empty string.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

diff --git a/open-vm-tools/lib/hgfsServer/hgfsServer.c b/open-vm-tools/lib/hgfsServer/hgfsServer.c
index dea5fd9ed7e5926f8009addb20cd8ab45908a553..6dbaf425f191bd7fd5d1f285cac3e2307ecf6984 100644 (file)
--- a/open-vm-tools/lib/hgfsServer/hgfsServer.c
+++ b/open-vm-tools/lib/hgfsServer/hgfsServer.c
@@ -4934,6 +4934,13 @@ HgfsServerGetLocalNameInfo(const char *cpName,      // IN:  Cross-platform filen
    if (shareInfo->rootDirLen == 0) {
       size_t prefixLen;
 
+      /* Are root shares allowed? If not, we exit with an error. */
+      if (0 == (gHgfsCfgSettings.flags & HGFS_CONFIG_SHARE_ALL_HOST_DRIVES_ENABLED)) {
+         LOG(4, ("%s: Root share being used\n", __FUNCTION__));
+         nameStatus = HGFS_NAME_STATUS_ACCESS_DENIED;
+         goto error;
+      }
+
       /*
        * This is a "root" share. Interpret the input appropriately as
        * either a drive letter or UNC name and append it to the output

diff --git a/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuest.c b/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuest.c
index 9fb88cc2fbfa2a63f65b056d849cfd0210b31cd5..1dc8f5d28404728fec38d84e49e8e29dec83519d 100644 (file)
--- a/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuest.c
+++ b/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuest.c
@@ -105,6 +105,11 @@ static HgfsChannelData gHgfsChannels[] = {
    { "guest", &gGuestBackdoorOps, 0, NULL, NULL, {0} },
 };
 
+static HgfsServerConfig gHgfsGuestCfgSettings = {
+   (HGFS_CONFIG_SHARE_ALL_HOST_DRIVES_ENABLED | HGFS_CONFIG_VOL_INFO_MIN),
+   HGFS_MAX_CACHED_FILENODES
+};
+
 /* HGFS server info state. Referenced by each separate channel that uses it. */
 static HgfsChannelServerData gHgfsChannelServerInfo = { NULL, {0} };
 
@@ -200,7 +205,7 @@ HgfsChannelInitServer(HgfsChannelServerData *serverInfo)   // IN/OUT: ref count
    Debug("%s: Initialize Hgfs server.\n", __FUNCTION__);
 
    /* If we have a new connection initialize the server session with default settings. */
-   result = HgfsServer_InitState(&serverInfo->serverCBTable, NULL, NULL);
+   result = HgfsServer_InitState(&serverInfo->serverCBTable, &gHgfsGuestCfgSettings, NULL);
    if (!result) {
       Debug("%s: Could not init Hgfs server.\n", __FUNCTION__);
    }

diff --git a/open-vm-tools/lib/include/hgfsServer.h b/open-vm-tools/lib/include/hgfsServer.h
index d4758c70732d4ca13443067466d6f8f7c2c88615..1508afdb0682d31577dae9a98f869a2d7a59d3b4 100644 (file)
--- a/open-vm-tools/lib/include/hgfsServer.h
+++ b/open-vm-tools/lib/include/hgfsServer.h
@@ -129,10 +129,11 @@ HgfsSessionSendFunc(void *opaqueSession,  // IN
 #define HGFS_MAX_CACHED_FILENODES   30
 
 typedef uint32 HgfsConfigFlags;
-#define HGFS_CONFIG_USE_HOST_TIME   (1 << 0)
-#define HGFS_CONFIG_NOTIFY_ENABLED  (1 << 1)
-#define HGFS_CONFIG_VOL_INFO_MIN    (1 << 2)
-#define HGFS_CONFIG_OPLOCK_ENABLED  (1 << 3)
+#define HGFS_CONFIG_USE_HOST_TIME                    (1 << 0)
+#define HGFS_CONFIG_NOTIFY_ENABLED                   (1 << 1)
+#define HGFS_CONFIG_VOL_INFO_MIN                     (1 << 2)
+#define HGFS_CONFIG_OPLOCK_ENABLED                   (1 << 3)
+#define HGFS_CONFIG_SHARE_ALL_HOST_DRIVES_ENABLED    (1 << 4)
 
 typedef struct HgfsServerConfig {
    HgfsConfigFlags flags;