modules/linux/vmhgfs/inode.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

---

lib/misc/hostinfoPosix.c | 23 19 + 4 - 0 !
1 file changed, 19 insertions(+), 4 deletions(-)

 [patch] harden hostinfoosdata against $path attacks.

We are doing a popen("lsb_release... ") when attempting to
determine host details in hostinfoPosix.c. Using popen means that
$PATH is walked when looking for the lsb_release binary, and that
may give an attacker the ability to run a malicious version of
lsb_release.

This change does two things,

a) Hard code the path to lsb_release. I've searched around
   the web and I believe the path is always "/usr/bin/lsb_release"
   so let's not leave this up to chance.

b) Stop running HostinfoGetCmdOutput with elevated privileges. Drop
   to non-root when possible. If someone sneaks in a new call to
   HostinfoGetCmdOutput and doesn't use a full path, then we will
   hopefully avoid a firedrill. I'm only applying this to Linux
   because the Fusion build barfed when I tried to compile with
   without the vmx86_linux.

I think either (a) or (b) would be enough but I'm doing both,
because each individually is correct. Also note that in the blog
post by Tavis Ormandy calls out doing (a) as not enough,
   http://blog.cmpxchg8b.com/2013/08/security-debianisms.html
His example uses a bash feature that allows functions to be
exported. I haven't been able to get that to work on my Ubuntu
machine.

To test I'm manually run Linux WS and Fusion and verified that
the logs look correct.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

configure.ac | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

 [patch] debian guys want to play with freebsd kernels and linux
 userland, let's recognize such systems when configuring.

This change was contributed to OVT by Robin Elfrink.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

lib/syncDriver/syncDriverPosix.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---

lib/include/vm_assert.h | 10 0 + 10 - 0 !
1 file changed, 10 deletions(-)

 [patch 1/5] remove unused deprecated macro

lib/include/vmware/tools/log.h | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 2/5] conditionally define g_info macro

* Some versions of GLib define this macro.

modules/linux/vmhgfs/filesystem.c | 20 14 + 6 - 0 !
modules/linux/vmhgfs/fsutil.c | 118 102 + 16 - 0 !
modules/linux/vmhgfs/fsutil.h | 5 3 + 2 - 0 !
modules/linux/vmhgfs/inode.c | 18 14 + 4 - 0 !
modules/linux/vmhgfs/module.h | 14 12 + 2 - 0 !
5 files changed, 145 insertions(+), 30 deletions(-)

 [patch 3/5] add kuid_t/kgid_t compatibility layer

modules/linux/vmhgfs/link.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 [patch 4/5] use new link helpers

* vfs_follow_link was removed in 3.12.
* vfs_readlink was removed in 3.15.

modules/linux/vmhgfs/file.c | 210 194 + 16 - 0 !
modules/linux/vmhgfs/filesystem.c | 103 4 + 99 - 0 !
modules/linux/vmhgfs/fsutil.c | 743 628 + 115 - 0 !
modules/linux/vmhgfs/fsutil.h | 2 2 + 0 - 0 !
modules/linux/vmhgfs/inode.c | 66 59 + 7 - 0 !
modules/linux/vmhgfs/link.c | 57 53 + 4 - 0 !
modules/linux/vmhgfs/module.h | 7 7 + 0 - 0 !
modules/linux/vmhgfs/page.c | 862 788 + 74 - 0 !
8 files changed, 1735 insertions(+), 315 deletions(-)

 [patch 5/5] update hgfs file operations for newer kernels

* Keep track of write back pages so concurrent file validations do not
  invalidate the cache.
* Handle file flush operations.

modules/linux/shared/compat_netdevice.h | 4 4 + 0 - 0 !
modules/linux/vmxnet/vmxnet.c | 13 8 + 5 - 0 !
2 files changed, 12 insertions(+), 5 deletions(-)

 [patch 10/11] fix vmxnet module on kernels >= 3.16

* Add compat check for ethtool_ops in net_device struct.
* SET_ETHTOOL_OPS is no longer defined, but can be manually.

modules/linux/vmhgfs/file.c | 16 12 + 4 - 0 !
1 file changed, 12 insertions(+), 4 deletions(-)

 [patch 11/11] fix vmhgfs module on kernels >= 3.16

* Use read_iter/write_iter file operations on kernels >= 3.16.
* Do not set aio_read/aio_write on kernels >= 3.16.

modules/linux/shared/compat_fs.h | 3 2 + 1 - 0 !
modules/linux/vmhgfs/file.c | 23 12 + 11 - 0 !
2 files changed, 14 insertions(+), 12 deletions(-)

 [patch 12/12] fix segfault in vmhgfs

* Need to use sync read/write but also set the read_iter/write_iter
  operations.

modules/linux/vmblock/Makefile | 2 1 + 1 - 0 !
modules/linux/vmci/Makefile | 2 1 + 1 - 0 !
modules/linux/vmhgfs/Makefile | 2 1 + 1 - 0 !
modules/linux/vmsync/Makefile | 2 1 + 1 - 0 !
modules/linux/vmxnet/Makefile | 2 1 + 1 - 0 !
modules/linux/vsock/Makefile | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

 replacing uname call with kvers, overwriting seemed not to work.

lib/include/guest_os.h | 2 1 + 1 - 0 !
lib/include/guest_os_tables.h | 4 2 + 2 - 0 !
lib/misc/hostinfoPosix.c | 38 37 + 1 - 0 !
3 files changed, 40 insertions(+), 4 deletions(-)

---

scripts/linux/pam.d/vmtoolsd | 9 2 + 7 - 0 !
1 file changed, 2 insertions(+), 7 deletions(-)

---

lib/guestRpc/nicinfo.x | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

scripts/common/vm-support | 59 28 + 31 - 0 !
1 file changed, 28 insertions(+), 31 deletions(-)

---