qemu/hw/usb
Gerd Hoffmann bab9df35ce usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
While being at it also add O_CLOEXEC.

usb-mtp only handles regular files and directories and ignores
everything else, so users should not see a difference.

Because qemu ignores symlinks, carrying out a successful symlink attack
requires swapping an existing file or directory below rootdir for a
symlink and winning the race against the inotify notification to qemu.

Fixes: CVE-2018-16872
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: Bandan Das <bsd@redhat.com>
Reported-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Message-id: 20181213122511.13853-1-kraxel@redhat.com
2018-12-14 08:52:14 +01:00
..
bus.c error: Fix use of error_prepend() with &error_fatal, &error_abort 2018-10-19 14:51:34 +02:00
ccid-card-emulated.c hw: ccid-card-emulated: cleanup resource when realize in error path 2018-10-29 10:46:07 +01:00
ccid-card-passthru.c hw/usb: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
ccid.h usb-ccid: convert CCIDCardClass::exitfn() -> unrealize() 2018-01-26 07:59:33 +01:00
chipidea.c usb: Add basic code to emulate Chipidea USB IP 2018-02-09 10:40:30 +00:00
combined-packet.c hw/usb: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
core.c usb: don't wakeup during coldplug 2017-05-29 14:18:09 +02:00
desc-msos.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.h all: Clean up includes 2016-02-23 12:43:05 +00:00
dev-audio.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
dev-bluetooth.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
dev-hid.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
dev-hub.c usb-hub: clear suspend on detach 2018-10-01 10:49:54 +02:00
dev-mtp.c usb-mtp: use O_NOFOLLOW and O_CLOEXEC. 2018-12-14 08:52:14 +01:00
dev-network.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
dev-serial.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
dev-smartcard-reader.c hw/usb: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
dev-storage.c block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
dev-uas.c Revert "usb: release the created buses" 2018-06-18 09:15:51 +02:00
dev-wacom.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
hcd-ehci-pci.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
hcd-ehci-sysbus.c ehci: Add ppc4xx-ehci for the USB 2.0 controller in embedded PPC SoCs 2017-09-27 13:05:41 +10:00
hcd-ehci.c ehci: fix fetch qtd race 2018-12-10 15:30:18 +01:00
hcd-ehci.h ehci: Add ppc4xx-ehci for the USB 2.0 controller in embedded PPC SoCs 2017-09-27 13:05:41 +10:00
hcd-musb.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
hcd-ohci.c usb: ohci: make num_ports to an unsinged integer 2018-10-29 10:25:12 +01:00
hcd-uhci.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
hcd-xhci-nec.c xhci: split into multiple files 2017-05-29 14:03:35 +02:00
hcd-xhci.c xhci: fix guest-triggerable assert 2018-07-03 09:50:39 +02:00
hcd-xhci.h xhci: split into multiple files 2017-05-29 14:03:35 +02:00
host-libusb.c usb-host: reset and close libusb_device_handle before qemu exit 2018-12-10 14:39:54 +01:00
host-stub.c usb: Remove legacy -usbdevice options (host, serial, disk and net) 2018-01-26 07:15:08 +01:00
host.h usb-host: move legacy cmd line bits 2013-02-19 12:30:05 +01:00
libhw.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
Makefile.objs usb: Add basic code to emulate Chipidea USB IP 2018-02-09 10:40:30 +00:00
quirks-ftdi-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks-pl2303-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
quirks.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
redirect.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
trace-events trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
tusb6010.c hw/usb/tusb6010: Convert away from old_mmio 2018-05-04 18:05:50 +01:00
xen-usb.c pvusb: set max grants only in initialise 2018-12-10 14:13:35 +01:00