On 04/11/2017 12:52 PM, Colin Walters wrote: > > > On Tue, Feb 28, 2017, at 02:23 PM, Eric Blake wrote: > >> Might also be worth mentioning that this patch is required in order to >> solve CVE-2016-9602, per discussion at >> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg06089.html > > I only briefly looked at this, but can't `open(..., O_PATH)` be used to solve > this today? O_PATH was the fallback that qemu used - but that's non-POSIX, which means we have to have a different solution for POSIX systems than for Linux systems, while waiting for Linux to catch up to POSIX. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
