From: Venkateswararao Jujjuri
Subject: Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
Date: Wed, 15 Jun 2011 11:16:38 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10

On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote:
> On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar <address@hidden> wrote:
>> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
>>
>> In passthrough security model, following a symbolic link in the server
>> side could result in TOCTTOU vulnerability. Use clone system call to
>> create a thread which runs in chrooted environment. All passthrough
>> model file operations are done from this thread to avoid TOCTTOU
>> vulnerability.
>
> How will chroot(2) work when QEMU runs as non-root (i.e. secure
> production environments)?
>
> Stefan

This is used only in passthrough mode; passthrough mode needs root access by design. There is no TOCTTOU vulnerability in mapped mode as symlinks are not actual symlinks on host FS.

JV
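
For readers following the thread, here is an added example that is not from the patch or from QEMU. It shows a different technique from the chroot approach discussed above: resolving a client path one component at a time with openat() and O_NOFOLLOW, which closes the check-then-use window on symlinks without needing root. The names open_beneath and demo and the temporary export tree are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open 'rel' below export_fd, one component at a time.
 * Each openat() uses O_NOFOLLOW, so a symlink is refused at the moment of
 * use; there is no earlier lstat() check for a client to race against. */
int open_beneath(int export_fd, const char *rel)
{
    char buf[PATH_MAX], *save = NULL, *name, *next;
    int dirfd, fd, err;
    if (strlen(rel) >= sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);
    if ((dirfd = dup(export_fd)) < 0) return -1;
    for (name = strtok_r(buf, "/", &save); name; name = next) {
        next = strtok_r(NULL, "/", &save);
        if (!strcmp(name, "..")) { close(dirfd); errno = EACCES; return -1; }
        fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC |
                                 (next ? O_DIRECTORY : 0));
        err = errno; close(dirfd); errno = err;   /* keep openat()'s errno */
        if (fd < 0) return -1;
        dirfd = fd;
    }
    return dirfd;   /* an empty path yields a dup of the export root */
}

/* Constructed export tree: dir/file, plus 'escape' -> "/" as a planted link.
 * Returns a bitmask: 1 = normal path opened, 2 = link refused, 4 = ".." refused. */
int demo(void)
{
    char tmpl[] = "/tmp/export9pXXXXXX";
    int root, fd, ok = 0;
    if (!mkdtemp(tmpl) || (root = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    mkdirat(root, "dir", 0700);
    close(openat(root, "dir/file", O_CREAT | O_WRONLY, 0600));
    symlinkat("/", root, "escape");
    if ((fd = open_beneath(root, "dir/file")) >= 0) { ok |= 1; close(fd); }
    if (open_beneath(root, "escape/etc") < 0) ok |= 2;
    if (open_beneath(root, "dir/../..") < 0) ok |= 4;
    close(root);
    return ok;
}
int main(void) { return demo() == 7 ? 0 : 1; }
```

The walk also refuses legitimate symlinks inside the export, so a server that has to expose them must read the link with readlinkat() and resolve the target under the same rules.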