hw/9pfs: use O_NOFOLLOW for mapped readlink operation

With mapped security models like mapped-xattr and mapped-file, we save the symlink target as file contents. Now if we ever expose a normal directory with mapped security model and find real symlinks in export path, never follow them and return proper error. Reviewed-by: N Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: N Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>

hw/9pfs: use O_NOFOLLOW for mapped readlink operation
With mapped security models like mapped-xattr and mapped-file, we save the symlink target as file contents. Now if we ever expose a normal directory with mapped security model and find real symlinks in export path, never follow them and return proper error. Reviewed-by: N Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: N Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
aed858ce · Aneesh Kumar K.V · c7e587b7 · aed858ce
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

hw/9pfs/virtio-9p-local.c hw/9pfs/virtio-9p-local.c +1 -1

未找到文件。
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -284,7 +284,7 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
    if ((fs_ctx->export_flags & V9FS_SM_MAPPED) ||
        (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE)) {
        int fd;
-        fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
+        fd = open(rpath(fs_ctx, path, buffer), O_RDONLY | O_NOFOLLOW);
        if (fd == -1) {
            return -1;
        }