qemu-devel

Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metada


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata
Date: Fri, 5 May 2017 12:13:52 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0

On 05/05/2017 09:37 AM, Greg Kurz wrote:
> When using the mapped-file security mode, we shouldn't let the client
> mess with the metadata. The current code already hides it but the
> client can still access the metadata through several operations.
> 
> This patch fixes the issue by:
> - preventing the creation of fids pointing to the metadata (name_to_path)
> - failing various operations taking dirpath and name arguments if
>   name is a metadata reserved name
> 
> Signed-off-by: Greg Kurz <address@hidden>
> ---
>  hw/9pfs/9p-local.c |   41 +++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 41 insertions(+)
> 
> diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> index b427d2928800..93cadac302c9 100644
> --- a/hw/9pfs/9p-local.c
> +++ b/hw/9pfs/9p-local.c
> @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath 
> *dir_path,
>      int err = -1;
>      int dirfd;
>  
> +    if (local_must_skip_metadata(fs_ctx, name)) {
> +        errno = EINVAL;
> +        return -1;
> +    }
> +
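
Review bot: the early return added at the top of local_mknod() sets errno = EINVAL with no comment saying why that value was chosen for a reserved metadata name. Since the commit message says the same check is applied to various operations taking a dirpath and a name, a one-line comment here, or at the definition of local_must_skip_metadata(), stating the errno convention would keep those call sites consistent. The placement itself is fine: the check runs before dirfd is assigned in the lines shown, so the early return has nothing to clean up.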

I don't know if EINVAL is the best error, but it seems reasonable enough.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
