From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Re: [V8 PATCH 11/11] virtio-9p: Chroot environment for other functions
Date: Fri, 11 Mar 2011 06:30:46 +0000

On Fri, Mar 11, 2011 at 5:54 AM, Venkateswararao Jujjuri (JV)
<address@hidden> wrote:
> On 3/10/2011 4:29 AM, Stefan Hajnoczi wrote:
>> On Wed, Mar 9, 2011 at 5:16 PM, M. Mohan Kumar <address@hidden> wrote:
>>> Add chroot functionality for system calls that can operate on a file
>>> using relative directory file descriptor.
>>
>> I suspect the relative directory approach is broken and escapes the
>> chroot. Here's why:
>>
>> The request is local_chmod(fs_ctx, "/..", credp). dirname("/..") is
>> "/" and basename("..") is "..".
>
> We should never receive protocol operations with relative path.
> Client should always resolve to full path and send the request.
> If the client is malicious this scenario can be possible.. but in that case
> it is fine to fail the operation.

What I haven't audited yet is whether symlinks can be abused in any of
these *at(2) operations.

The *at(2) approach seems like a shortcut to avoid implementing
individual chroot protocol requests/responses for stat(2) and friends.
But it carries the risk that if we don't use NOFOLLOW then we can be
tricked into escaping the "chroot" because we're performing the
operation outside the chroot.

I'll take a look later today to make sure all operations safely traverse
paths outside the chroot.

Stefan
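
The symlink concern in the message above, as an added example that is not part of the original post and is not QEMU code: a directory-relative call made outside a chroot can leave the export through a symlinked intermediate directory even with NOFOLLOW, so the sketch walks the path one component at a time. The names `stat_beneath` and `demo` and the temporary tree under /tmp are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not QEMU code. Hypothetical helper: lstat() confined to rootfd,
 * one component at a time. Returns 0, or -1 if the path is refused or lookup fails. */
int stat_beneath(int rootfd, const char *path, struct stat *st) {
    char *buf = strdup(path), *save = NULL;
    int dirfd = dup(rootfd), ret = -1;
    char *leaf = buf ? strtok_r(buf, "/", &save) : NULL;
    for (char *next = NULL; dirfd >= 0 && leaf; leaf = next) {
        if (strcmp(leaf, "..") == 0) break;              /* never step upward */
        if (!(next = strtok_r(NULL, "/", &save))) {      /* final component */
            ret = fstatat(dirfd, leaf, st, AT_SYMLINK_NOFOLLOW);
            break;
        }
        /* Intermediate component: must be a real directory, not a symlink. */
        int fd = openat(dirfd, leaf, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(dirfd);
        dirfd = fd;
    }
    if (dirfd >= 0) close(dirfd);
    free(buf);
    return ret;
}

/* Builds a constructed tree under /tmp; each bit records one expected outcome. */
int demo(void) {
    char base[] = "/tmp/p9demoXXXXXX";
    struct stat st;
    if (!mkdtemp(base)) return -1;
    int b = open(base, O_RDONLY | O_DIRECTORY), r = 0;
    mkdirat(b, "export", 0700);
    close(openat(b, "secret", O_CREAT | O_WRONLY, 0600));      /* outside the export */
    close(openat(b, "export/file", O_CREAT | O_WRONLY, 0600));
    if (symlinkat("..", b, "export/up") || symlinkat("../secret", b, "export/leak")) return -1;
    int root = openat(b, "export", O_RDONLY | O_DIRECTORY);
    /* A plain *at() call escapes: NOFOLLOW only guards the last component. */
    r |= (fstatat(root, "up/secret", &st, AT_SYMLINK_NOFOLLOW) == 0) << 0;
    r |= (stat_beneath(root, "up/secret", &st) == -1) << 1;   /* symlinked dir refused */
    r |= (stat_beneath(root, "/..", &st) == -1) << 2;         /* the thread's "/.." case */
    r |= (stat_beneath(root, "file", &st) == 0) << 3;
    r |= (stat_beneath(root, "leak", &st) == 0 && S_ISLNK(st.st_mode)) << 4; /* link itself */
    close(root); close(b);
    return r;
}
int main(void) { return demo() == 0x1f ? 0 : 1; }
```

On Linux 5.6 and later, openat2(2) with RESOLVE_BENEATH enforces the same confinement in the kernel.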