[Virtio-fs] [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517)
Stefan Hajnoczi
stefanha at redhat.com
Tue Jan 26 10:18:39 UTC 2021
On Mon, Jan 25, 2021 at 05:12:23PM +0100, Miklos Szeredi wrote:
> On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi <stefanha at redhat.com> wrote:
>
> > This patch adds the missing checks to virtiofsd. This is a short-term
> > solution because it does not prevent a compromised virtiofsd process
> > from opening device nodes on the host.
>
> I think the proper solution is adding support to the host in order to
> restrict opens on filesystems that virtiofsd has access to.
>
> My idea was to add a "force_nodev" mount option that cannot be
> disabled and will make propagated mounts also be marked
> "force_nodev,nodev".
Interesting idea! Mount options that are relevant:
* noexec
* nosuid
* nodev
* nosymfollow
Do you have time to work on the force_* mount options?
> A possibly simpler solution is to extend seccomp to restrict the
> process itself from being able to open special files. Not sure if
> that's within the scope of seccomp though.
I don't think seccomp can provide that restriction since it's unrelated
to the syscall or its arguments.
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/virtio-fs/attachments/20210126/2771ca21/attachment.sig>
More information about the Virtio-fs
mailing list