qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU

From: Venkateswararao Jujjuri
Subject: Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
Date: Wed, 15 Jun 2011 11:16:38 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 
On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote:

On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar<address@hidden>  wrote:

[RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

In passthrough security model, following a symbolic link in the server
side could result in TOCTTOU vulnerability.

Use clone system call to create a thread which runs in chrooted
environment. All passthrough model file operations are done from this
thread to avoid TOCTTOU vulnerability.

How will chroot(2) work when QEMU runs as non-root (i.e. secure
production environments)?
This is used only in passthrough mode; passthrough mode needs root access by design. There is no TOCTTOU vulnerability in mapped mode as symlinks are not actual symlinks on host FS. 

JV


Stefan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]