[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU
|
From: |
M. Mohan Kumar |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability |
|
Date: |
Thu, 16 Jun 2011 16:50:51 +0530 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
On Wed, Jun 15, 2011 at 10:10:00PM +0200, Andreas Färber wrote:
> Am 14.06.2011 um 10:12 schrieb M. Mohan Kumar:
>
>> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
>
> Subject doesn't need to be duplicated.
Ok
>
>> In passthrough security model, following a symbolic link in the server
>> side could result in TOCTTOU vulnerability.
>
> TOCTOU or TOCTTOU? Don't know what either is, so probably others too -
> that acronym could use an explanation or link to CVE/etc.
Its TOCTTOU (Time of check to time of usage). Sure next time I will include
some more information about this.