If a call is made to qubes.Service from dom0, qrexec doesn’t check for qubes.Service+, only qubes.Service
#9090
Assignees
Labels
affects-4.1
This issue affects Qubes OS 4.1.
affects-4.2
This issue affects Qubes OS 4.2.
C: core
diagnosed
Technical diagnosis has been performed (see issue comments).
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: bug
Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Comments
DemiMarie
added
T: bug
DemiMarie
added
the
pr submitted
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 7, 2024
The test currently fails due to QubesOS/qubes-issues#9090. The test for socket services will be added along with the fix, as without the fix it hangs.
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 7, 2024
Previously, qubes.Service+ was searched for if the call was from a VM, but not if the call was from dom0. Furthermore, a call from dom0 with no argument would skip the check for a too-long service name. In the future, service arguments should be required and not passing one should be treated as an error. That's for R5.0, though: there is too much code in dom0 that depends on the current behavior, and Mirage also depends on receiving a call with no argument at all. QREXEC_SERVICE_FULL_NAME (for executable services) and the call metadata (for socket services) still include the actual command, even if the command does not include "+". Therefore, code that needs to differentiate between "no argument" and "empty argument" can do so for calls from dom0. Fixes: QubesOS/qubes-issues#9090
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 9, 2024
Previously, qubes.Service+ was searched for if the call was from a VM, but not if the call was from dom0. Furthermore, a call from dom0 with no argument would skip the check for a too-long service name. In the future, service arguments should be required and not passing one should be treated as an error. That's for R5.0, though: there is too much code in dom0 that depends on the current behavior, and Mirage also depends on receiving a call with no argument at all. QREXEC_SERVICE_FULL_NAME (for executable services) and the call metadata (for socket services) still include the actual command, even if the command does not include "+". Therefore, code that needs to differentiate between "no argument" and "empty argument" can do so for calls from dom0. Fixes: QubesOS/qubes-issues#9090
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 9, 2024
Previously, qubes.Service+ was searched for if the call was from a VM, but not if the call was from dom0. Furthermore, a call from dom0 with no argument would skip the check for a too-long service name. In the future, service arguments should be required and not passing one should be treated as an error. That's for R5.0, though: there is too much code in dom0 that depends on the current behavior, and Mirage also depends on receiving a call with no argument at all. QREXEC_SERVICE_FULL_NAME (for executable services) and the call metadata (for socket services) still include the actual command, even if the command does not include "+". Therefore, code that needs to differentiate between "no argument" and "empty argument" can do so for calls from dom0. Fixes: QubesOS/qubes-issues#9090
This was referenced May 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to file a helpful issue
Qubes OS release
R4.2, but R4.1 is probably also affected.
Brief summary
If dom0 makes a call to
qubes.Service(perhaps viaqvm-run --service VMNAME qubes.Service), there is no check for/etc/qubes-rpc/qubes.Service+(with explicit empty argument), only/etc/qubes-rpc/qubes.Service(with no argument).Steps to reproduce
See above.
Expected behavior
/etc/qubes-rpc/qubes.Service+is preferred.Actual behavior
/etc/qubes-rpc/qubes.Service+is not searched for.The text was updated successfully, but these errors were encountered: