[Virtio-fs] [PATCH v2] virtiofsd: prevent opening of special files (CVE-2020-35517)

Miklos Szeredi mszeredi at redhat.com
Wed Jan 27 15:22:49 UTC 2021


On Wed, Jan 27, 2021 at 4:09 PM Greg Kurz <groug at kaod.org> wrote:
>
> On Wed, 27 Jan 2021 15:09:50 +0100
> Miklos Szeredi <mszeredi at redhat.com> wrote:
> > The semantics of O_CREAT are that it can fail neither because the
> > file exists nor because it doesn't.  This doesn't matter if the
> > exported tree is not modified outside of a single guest, because of
> > locking provided by the guest kernel.
> >
>
> Wrong. O_CREAT can legitimately fail with ENOENT if one element

Let me make my statement more precise:

O_CREAT cannot fail with ENOENT if parent directory exists throughout
the operation.

I'm sure this property is used all over the place in userspace code,
and hence should be supported in strict coherence (cache=none) mode.

For relaxed coherence (cache=auto) I'm not quite sure.  NFS is usually
the reference, we'd need to look into what guarantees it provides wrt.
O_CREAT and remote racing unlink.

Thanks,
Miklos
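
An added illustration, not code from the patch, from virtiofsd or from either poster: when a file server performs O_CREAT as separate create and open steps, a racing unlink between the steps can surface an ENOENT that a single open(O_CREAT) would not report while the parent directory exists, and a retry loop is one way to preserve the property stated above. The helper name `open_or_create`, the retry bound, the EBUSY fallback and the scratch directory are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not virtiofsd code): O_CREAT done as two steps. */
static int open_or_create(int dirfd, const char *name, int flags, mode_t mode)
{
    flags &= ~(O_CREAT | O_EXCL);
    for (int attempt = 0; attempt < 16; attempt++) { /* assumed retry bound */
        /* Step 1: exclusive create; EEXIST means the name is already there. */
        int fd = openat(dirfd, name, flags | O_CREAT | O_EXCL, mode);
        if (fd >= 0 || errno != EEXIST)
            return fd; /* created, or a genuine error (e.g. parent is gone) */
        /* Step 2: open the existing name without O_CREAT. */
        fd = openat(dirfd, name, flags);
        if (fd >= 0 || errno != ENOENT)
            return fd;
        /* ENOENT: the name was unlinked between the steps, so start over
         * instead of reporting an error plain O_CREAT would never give. */
    }
    errno = EBUSY; /* assumed: still racing (or a dangling symlink) */
    return -1;
}

/* Constructed scenario in a scratch directory; returns 0 if all checks hold. */
static int demo(void)
{
    char tmpl[] = "/tmp/ocreat-XXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY), bad = 0;
    if (dirfd < 0) return -1;
    int a = open_or_create(dirfd, "f", O_WRONLY, 0600);      /* name absent  */
    int b = open_or_create(dirfd, "f", O_WRONLY, 0600);      /* name present */
    if (a < 0 || b < 0) bad |= 1;
    int c = open_or_create(dirfd, "gone/f", O_WRONLY, 0600); /* no parent */
    if (c != -1 || errno != ENOENT) bad |= 2;
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    unlinkat(dirfd, "f", 0);
    close(dirfd);
    rmdir(tmpl);
    return bad;
}

int main(void) { int r = demo(); printf("demo: %d\n", r); return r; }
```

The third call shows the case that remains a legitimate ENOENT: a path component that does not exist.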
