Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
Date:	Thu, 8 Dec 2011 17:46:33 +0000
User-agent:	Mutt/1.5.21 (2010-09-15)

On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> From: "M. Mohan Kumar" <address@hidden>
> 
> Pass-through security model in QEMU 9p server needs root privilege to do
> few file operations (like chown, chmod to any mode/uid:gid).  There are two
> issues in pass-through security model
> 
> 1) TOCTTOU vulnerability: Following symbolic links in the server could
> provide access to files beyond 9p export path.
> 
> 2) Running QEMU with root privilege could be a security issue.
> 
> To overcome above issues, following approach is used: A new filesytem
> type 'proxy' is introduced. Proxy FS uses chroot + socket combination
> for securing the vulnerability known with following symbolic links.
> Intention of adding a new filesystem type is to allow qemu to run
> in non-root mode, but doing privileged operations using socket IO.

Fails to build against qemu.git/master (217bfb4):

  CC    libhw64/9pfs/virtio-9p-proxy.o
hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’ specified 
in initializer
hw/9pfs/virtio-9p-proxy.c:1195:5: warning: initialization from incompatible 
pointer type [enabled by default]
hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for 
‘proxy_ops.init’) [enabled by default]

Is this against another public tree?

Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH V4 04/13] hw/9pfs: File system helper process for qemu 9p proxy FS, (continued)
- [Qemu-devel] [PATCH V4 05/13] hw/9pfs: Open and create files, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 06/13] hw/9pfs: Create other filesystem objects, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 07/13] hw/9pfs: Add stat/readlink/statfs for proxy FS, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 08/13] hw/9pfs: File ownership and others, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 09/13] hw/9pfs: xattr interfaces in proxy filesystem driver, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 10/13] hw/9pfs: Proxy getversion, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 11/13] hw/9pfs: Documentation changes related to proxy fs, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 12/13] hw/9pfs: man page for proxy helper, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 13/13] hw/9pfs: Add support to use named socket for proxy FS, M. Mohan Kumar, 2011/12/05
- Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS, Stefan Hajnoczi <=
  - Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS, M. Mohan Kumar, 2011/12/09

Prev by Date: Re: [Qemu-devel] [PATCH v2 0/5] backdoor: lightweight guest-to-QEMU backdoor channel
Next by Date: Re: [Qemu-devel] [PATCH V4 02/13] hw/9pfs: Add validation to {un}marshal code
Previous by thread: [Qemu-devel] [PATCH V4 13/13] hw/9pfs: Add support to use named socket for proxy FS
Next by thread: Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
Index(es):
- Date
- Thread