Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vm/qubesvm: forbid '/' in kernel property

Browse Source 
It would give VM access to some files outside of
/var/lib/qubes/vm-kernels.
This commit is contained in:
Marek Marczykowski-Górecki 2017-03-11 19:21:59 +01:00
parent a036e2a8a0
commit 123feced36
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qubes/vm/qubesvm.py
View File

@ -128,6 +128,9 @@ def _setter_kernel(self, prop, value):
if value is None: if value is None:
return value return value
value = str(value) value = str(value)
if '/' in value:
raise qubes.exc.QubesPropertyValueError(self, prop, value,
'Kernel name cannot contain \'/\'')
dirname = os.path.join( dirname = os.path.join(
qubes.config.system_path['qubes_base_dir'], qubes.config.system_path['qubes_base_dir'],
qubes.config.system_path['qubes_kernels_base_dir'], qubes.config.system_path['qubes_kernels_base_dir'],