xenbits.xensource.com Git - qemu-upstream-4.3-testing.git/commit

author	Laszlo Ersek <lersek@redhat.com>
	Tue, 1 Oct 2013 15:13:33 +0000 (15:13 +0000)
committer	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
	Tue, 1 Oct 2013 15:14:34 +0000 (15:14 +0000)
commit	5fefb0fa48e72488f37f0012ee18c93beeac1388
tree	ce6ddb961fffe4441eb2f469b3620254bed9115d	tree
parent	5b73c63c86b80197f1be12feb32625d203833f09	commit \| diff

qga: set umask 0077 when daemonizing (CVE-2013-2007)

The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:

  -rw-rw-rw- 1 root root /var/log/qemu-ga.log
  -rw-rw-rw- 1 root root /var/run/qga.state
  -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log

In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.

For now mask all file mode bits for "group" and "others" in
become_daemon().

Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.

upstream-commit-id: c689b4f1bac352dcfd6ecb9a1d45337de0f1de67

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

qemu-ga.c		diff \| blob \| history
qga/commands-posix.c		diff \| blob \| history