From 123feced36596f858ce5936a5050a386692b756b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 11 Mar 2017 19:21:59 +0100 Subject: [PATCH] vm/qubesvm: forbid '/' in kernel property It would give VM access to some files outside of /var/lib/qubes/vm-kernels. --- qubes/vm/qubesvm.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py index 8a5ae3f9..f8a0aba3 100644 --- a/qubes/vm/qubesvm.py +++ b/qubes/vm/qubesvm.py @@ -128,6 +128,9 @@ def _setter_kernel(self, prop, value): if value is None: return value value = str(value) + if '/' in value: + raise qubes.exc.QubesPropertyValueError(self, prop, value, + 'Kernel name cannot contain \'/\'') dirname = os.path.join( qubes.config.system_path['qubes_base_dir'], qubes.config.system_path['qubes_kernels_base_dir'],