[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Make 9pfs buildable for Windows
|
From: |
Greg Kurz |
|
Subject: |
Re: [Qemu-devel] Make 9pfs buildable for Windows |
|
Date: |
Sun, 15 Oct 2017 21:50:55 +0200 |
On Sun, 15 Oct 2017 21:13:34 +0200
"Michael Fritscher" <address@hidden> wrote:
> >
> > Hi,
> >
> > dumb question: what is the advantage of openat vs. open - only the thing
> > that someone doesn't need to build the path together by hand?
> >
> > If I understand the man page of openat correctly, it does _not_ prevent
> > someone to break out of the jail by using e.g. ../../../blah .
> > If this assumption is correctly perhaps it is better to avoid using the
> > *at function family (as it was some time ago) and sanitize the path (by
> > somehow canonizing it and than check if the beginning is ok).
> >
> > Then I could use the "normal" posix function again and avoid using the NT*
> > Functions directly which is not soooo nice for various reasons.
> >
> > Best regards,
> > Michael Fritscher
> >
>
> Hi again,
>
> I see one thing: symlinks somewhere in the path (which seemed to be the
> reason introducing the *at family). But I think that this can be handled
> by canonlizing the path, too. realpath should do the job quite well.
>
Unfortunately now because we have TOCTOU condition here: some path element
could be replaced by a symlink after realpath() but before we actually pass
the resulting path to a syscall.
> Best regards,
> Michael Fritscher
>