[Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)
Daniel P. Berrangé
berrange at redhat.com
Tue Jan 26 10:36:19 UTC 2021
On Tue, Jan 26, 2021 at 10:35:02AM +0000, Stefan Hajnoczi wrote:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd from opening special files is missing in
> a few cases, most notably FUSE_OPEN. A malicious client can cause
> virtiofsd to open a device node, potentially allowing the guest to
> escape. This can be exploited by a modified guest device driver. It is
> not exploitable from guest userspace since the guest kernel will handle
> special files inside the guest instead of sending FUSE requests.
>
> This patch adds the missing checks to virtiofsd. This is a short-term
> solution because it does not prevent a compromised virtiofsd process
> from opening device nodes on the host.
>
> Reported-by: Alex Xu <alex at alxu.ca>
> Fixes: CVE-2020-35517
> Reviewed-by: Dr. David Alan Gilbert <dgilbert at redhat.com>
> Reviewed-by: Vivek Goyal <vgoyal at redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha at redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the Virtio-fs
mailing list