qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PULL v2 2/2] usb: mtp filesharing

From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PULL v2 2/2] usb: mtp filesharing
Date: Thu, 24 Apr 2014 17:01:47 +0200 
  Hi,

> Just a quick review.  If I understand correctly, the guest never sends
> filenames to the guest.  Instead filenames are discovered using readdir
> inside QEMU and the guest accesses objects by handle.

Correct.

> This seems like a
> good property for security since it eliminates '..' escaping attacks.

Yes.  Additionally the code filters out everything but directories and
regular files, so the guest wouldn't see any special inodes (block,
char, socket, pipe).  And it also doesn't follow symlinks.

I'll go over the other comments (and the other review mail) tomorrow.

cheers,
  Gerd

PS: Funny thing that the reviews start coming in when I send pull
    requests.  The patches have been on the list a few weeks back
    already (during 2.0 freeze, thats why the long delay between
    [patch] and [pull]).  No comments.
    Should I consider going straight for a pull requests to get
    reviews faster?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]