[Virtio-fs] [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517)

Miklos Szeredi mszeredi at redhat.com
Tue Jan 26 10:27:18 UTC 2021


On Tue, Jan 26, 2021 at 11:18 AM Stefan Hajnoczi <stefanha at redhat.com> wrote:
>
> On Mon, Jan 25, 2021 at 05:12:23PM +0100, Miklos Szeredi wrote:
> > On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi <stefanha at redhat.com> wrote:
> >
> > > This patch adds the missing checks to virtiofsd. This is a short-term
> > > solution because it does not prevent a compromised virtiofsd process
> > > from opening device nodes on the host.
> >
> > I think the proper solution is adding support to the host in order to
> > restrict opens on filesystems that virtiofsd has access to.
> >
> > My idea was to add a "force_nodev" mount option that cannot be
> > disabled and will make propagated mounts also be marked
> > "force_nodev,nodev".
>
> Interesting idea! Mount options that are relevant:
>  * noexec
>  * nosuid
>  * nodev
>  * nosymfollow
>
> Do you have time to work on the force_* mount options?

Not at the moment, but first we need to probe Al to see if this idea sticks...

> > A possibly simpler solution is to extend seccomp to restrict the
> > process itself from being able to open special files.  Not sure if
> > that's within the scope of seccomp though.
>
> I don't think seccomp can provide that restriction since it's unrelated
> to the syscall or its arguments.

How about selinux, then?

Thanks,
Miklos
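The kind of check the thread refers to, refusing to open anything that is not a regular file or directory, as an added example in C that is not the virtiofsd patch or any QEMU code. The names `open_safely` and `demo` are invented here; the fallback for a system without /proc and the choice of EPERM as the rejection error are assumptions of this example. The self-check creates a FIFO as a stand-in for a device node (creating a real one needs privileges); a plain open of that FIFO would block forever, which is the denial-of-service side of the same problem.

```c
/* Added example: open a name relative to dirfd, but only if it is a regular
 * file or a directory. The object is inspected through an O_PATH handle
 * before it is really opened, so a device node, FIFO or socket never reaches
 * a driver's open() or blocks the process. Hypothetical helper, not virtiofsd. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef O_PATH
#define O_PATH 010000000 /* Linux x86 value; glibc hides it without _GNU_SOURCE */
#endif

/* Returns an open fd, or -1 with errno set; special files fail with EPERM
 * (policy choice made for this example). */
int open_safely(int dirfd, const char *name, int flags)
{
    /* O_PATH gives a handle without opening the file; O_NOFOLLOW stops a
     * symlink from redirecting the lookup to a device elsewhere on the host. */
    int pfd = openat(dirfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (pfd < 0)
        return -1;

    struct stat st;
    if (fstat(pfd, &st) < 0) {
        int saved = errno;
        close(pfd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) {
        close(pfd); /* symlink, device, FIFO or socket: refuse */
        errno = EPERM;
        return -1;
    }

    /* Re-open via /proc/self/fd so the object checked is the object opened
     * (no second path lookup that could be raced). */
    char proc_path[64];
    snprintf(proc_path, sizeof(proc_path), "/proc/self/fd/%d", pfd);
    int fd = open(proc_path, flags | O_CLOEXEC);
    if (fd < 0 && errno == ENOENT) {
        /* Assumed fallback for a system without /proc: open by name again and
         * insist that we got the same inode we already inspected. */
        fd = openat(dirfd, name, flags | O_NOFOLLOW | O_CLOEXEC);
        struct stat st2;
        if (fd >= 0 && (fstat(fd, &st2) < 0 ||
                        st2.st_dev != st.st_dev || st2.st_ino != st.st_ino)) {
            close(fd);
            fd = -1;
            errno = EPERM;
        }
    }
    int saved = errno;
    close(pfd);
    errno = saved;
    return fd;
}

/* Self-check on constructed files in a temporary directory: returns 0 when
 * the regular file is accepted and the FIFO is refused with EPERM, otherwise
 * a bitmask naming the failed step. */
int demo(void)
{
    char tmpl[] = "/tmp/open_safely_XXXXXX";
    char *dir = mkdtemp(tmpl);
    if (!dir)
        return 1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0)
        return 2;
    int rc = 0;

    int f = openat(dfd, "regular.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (f < 0) rc |= 4; else close(f);
    if (mkfifoat(dfd, "pipe", 0600) < 0) rc |= 8;

    int ok = open_safely(dfd, "regular.txt", O_RDONLY);
    if (ok < 0) rc |= 16; else close(ok);

    int bad = open_safely(dfd, "pipe", O_RDONLY); /* must not block or succeed */
    if (bad >= 0) { close(bad); rc |= 32; }
    else if (errno != EPERM) rc |= 64;

    unlinkat(dfd, "regular.txt", 0);
    unlinkat(dfd, "pipe", 0);
    close(dfd);
    rmdir(dir);
    return rc;
}
```

This is the user-space half of the discussion: it protects a well-behaved daemon from guest-controlled names, but, as the thread notes, a compromised process can still call open() directly, which is why the mount-option and LSM ideas are raised as the longer-term layer.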
