vm/qubesvm: forbid '/' in kernel property

It would give VM access to some files outside of /var/lib/qubes/vm-kernels.
2017-03-11 19:21:59 +01:00 · 2017-03-11 19:21:59 +01:00 · 123feced36
commit 123feced36
parent a036e2a8a0
1 changed files with 3 additions and 0 deletions
--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@ -128,6 +128,9 @@ def _setter_kernel(self, prop, value):
    if value is None:
        return value
    value = str(value)
+    if '/' in value:
+        raise qubes.exc.QubesPropertyValueError(self, prop, value,
+            'Kernel name cannot contain \'/\'')
    dirname = os.path.join(
        qubes.config.system_path['qubes_base_dir'],
        qubes.config.system_path['qubes_kernels_base_dir'],