Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,282 Commits 1 Branch 0 Tags 34 MiB
591b95a81b
Commit Graph

1282 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vincent Penquerc'h
c171f47ba8 vm-file-editor: put temporary files in per domain subdirectories 
This avoids the possibility that incoming files may match
an existing file in /tmp (whether from the target VM, or a
third VM that's also sent a file for editing), as well as
possible file leaks between domains.
 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
9a4b1efa61 core-agent-linux: misc const/void fixups 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
214365e272 vm-file-editor: hide | in filename 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
47c657b123 vm-file-editor: close output when done writing 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
81e9f967be vm-file-editor: do not overwite an existing file 
Either a housekeeping file from that VM, or a similarly named
one being edited from a third VM.
 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
11b8f9be20 vm-file-editor: fix potential buffer overflow 
If we're being sent something without a zero byte, we
could happily read off the end of the buffer. Interestingly,
the write part was checking for the max bound.
 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
c9a25b8915 vm-file-editor: fix incorrect time display 
It's used only for display, and never parsed, but still.
 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
a4b3a0c955 qopen-in-vm: ensure we can't mistake a non empty file for an empty one 
st_size is off_t, which may be larger than int.
 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
38c0ea3128 qopen-in-vm: fix read overflow 
That one would also send more data to the other VM that what we
intended: the start of the env var data (which in similar code
on my host includes the GPG agent socket path, XDG session cookie,
and more.

The other side expects a fixed size though, so pad with NULs.

Interestingly, the original code was not vulnerable as it was
callocing enough space.
 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
5af6f0ff7f qopen-in-vm: close output when we're done writing to it 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
511b614f56 qrexec-agent: catch failure to deliver signal 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
1dfd1d0e70 qrexec-agent: fix array read underflow 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
b2e84900a3 qrexec-agent: fix file leak on read error 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
c14f810067 qrexec-agent: pass an int pointer to sscanf to match %d 
and check for 16 bit unsigned range after that.
 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
4823490e70 qfile-unpacker: some error checking 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
475421b2e2 core-agent-linux: misc const fixups 2014-01-06 17:57:40 +01:00
Marek Marczykowski-Górecki
4a4e81f010 Merge remote-tracking branch 'joanna/master' 2014-01-06 17:57:08 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo 
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
 2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
0daaefb47f rpm: own /lib/modules only in Fedora >= 19 
Previously it was owned by filesystem package.
 2013-12-22 23:00:21 +01:00
Joanna Rutkowska
0341677a0e version 2.1.24 2013-12-18 12:03:34 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators 
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
 2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
a0f3ce9e93 Hide errors from qubes.WaitForSession 
Especially "Killed" message, which is normal as 'sleep' is signalled with
SIGKILL once session is ready.
 2013-12-15 05:36:43 +01:00
Marek Marczykowski-Górecki
22929bb18f kernel-placeholder: provide kernel modules mountpoint 
It is no longer part of 'filesystem' package in Fedora 19.
 2013-12-15 05:36:02 +01:00
Marek Marczykowski-Górecki
7dd5a40218 rpm: kernel-placeholder provides kernel-modules-extra 
Yet another package with kernel-related files already provided by dom0.
 2013-12-13 04:40:20 +01:00
Marek Marczykowski-Górecki
4c78388776 version 2.1.23 2013-12-08 19:22:11 +01:00
Marek Marczykowski-Górecki
dee9c6782f Disable r2-beta2 repo on r2-beta3 system 2013-12-08 19:21:21 +01:00
Joanna Rutkowska
bfef08e412 version 2.1.22 2013-12-06 19:04:49 +01:00
Marek Marczykowski-Górecki
3cc566f539 Split R2 yum repository for individual beta releases. 2013-12-06 13:02:22 +01:00
Joanna Rutkowska
f2656f4e51 version 2.1.21 2013-12-04 16:04:38 +01:00
Olivier MEDOC
f7a956ef2e archlinux: fixes due to new archlinux releases 2013-12-03 18:07:01 +01:00
Joanna Rutkowska
65badd1faa version 2.1.20 2013-12-02 15:18:11 +01:00
Marek Marczykowski-Górecki
41c701a1ac Revert "Do not start gnome-settings-daemon in AppVM" 
This reverts commit 047a7a0b23.
Actually some g-s-d plugins are helpful, for example notification of low
disk space. Also we've already disabled keyboard plugin.
 2013-12-01 02:25:51 +01:00
Marek Marczykowski-Górecki
e3e96dba74 Merge branch 'new-backups' 2013-11-29 04:02:43 +01:00
Marek Marczykowski-Górecki
6c3c3e717d tar2qfile: use lseek() to skip unwanted data if possible 
When reading from file it is much faster.
 2013-11-25 02:28:35 +01:00
Marek Marczykowski-Górecki
3c92cdba22 tar2qfile: use read_all() instead of read() 
read() syscall do not guarantee to read as much data as requested. This
is especially important when reading from pipe - remote end can produce
data slower than we are reading them. Use read_all() helper to always
get requested amount of data.
 2013-11-25 02:24:21 +01:00
Marek Marczykowski-Górecki
9b859c9ac5 qubes-rpc: save one syscall on each data block 
read_all/write_all calls set_* on every call, so this can be
noticeable performance improvement.
 2013-11-25 02:11:45 +01:00
Marek Marczykowski-Górecki
4010ddaab5 minor whitespace fix 2013-11-24 04:45:36 +01:00
Marek Marczykowski-Górecki
03923ae548 tar2qfile: disable debug messages 2013-11-24 04:45:14 +01:00
Marek Marczykowski-Górecki
dba3571883 tar2qfile: send EOF marker 2013-11-24 04:44:19 +01:00
Marek Marczykowski-Górecki
584df6986e tar2qfile: fix compile warnings 2013-11-24 04:44:19 +01:00
Marek Marczykowski-Górecki
52d696a0c3 tar2qfile: fix padding handling 2013-11-24 04:44:18 +01:00
Marek Marczykowski-Górecki
3c43f20d9e tar2qfile: terminate parsing when all requested files/dirs found 
Assume that all the files of directory are in continuous block (which is
true in case of qvm-backup stream). This will allow to terminate before
getting to the file end - especially useful when only qubes.xml
requested.
 2013-11-24 04:43:53 +01:00
Olivier MEDOC
42c40d399b restore: improve error handling 2013-11-23 02:48:50 +01:00
Olivier MEDOC
ae776521b0 tar2qfile: forgot to pass a parameter in tar_read function 2013-11-23 02:48:42 +01:00
Olivier MEDOC
8e853c752c tar2qfile: fixed a bug when file contained in tar is a multiple of 512 bytes 2013-11-23 02:48:42 +01:00
Olivier MEDOC
8a1f87d0ed tar2qfile: starting cleanup to get rid of the stat structure which is not required during conversion 2013-11-23 02:48:42 +01:00
Olivier MEDOC
91b84d863c tar2qfile: add filtering options to tar2qfile 2013-11-23 02:48:41 +01:00
Olivier MEDOC
fa6bb43c62 backup: Use paths sent from dom0 to filter files that should be extracted 2013-11-23 02:45:25 +01:00
Joanna Rutkowska
77f29dd957 version 2.1.19 2013-11-22 14:44:31 +01:00