[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metada
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata |
Date: |
Fri, 5 May 2017 12:13:52 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0 |
On 05/05/2017 09:37 AM, Greg Kurz wrote:
> When using the mapped-file security mode, we shouldn't let the client
> mess with the metadata. The current code already hides it but the
> client can still access the metadata through several operations.
>
> This patch fixes the issue by:
> - preventing the creation of fids pointing to the metadata (name_to_path)
> - failing various operations taking a dirpath and a name arguments if
> name is a metadata reserved name
>
> Signed-off-by: Greg Kurz <address@hidden>
> ---
> hw/9pfs/9p-local.c | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> index b427d2928800..93cadac302c9 100644
> --- a/hw/9pfs/9p-local.c
> +++ b/hw/9pfs/9p-local.c
> @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> *dir_path,
> int err = -1;
> int dirfd;
>
> + if (local_must_skip_metadata(fs_ctx, name)) {
> + errno = EINVAL;
> + return -1;
> + }
> +
I don't know if EINVAL is the best error, but it seems reasonable enough.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH 3/5] 9pfs: local: simplify file opening, (continued)
[Qemu-devel] [PATCH 4/5] 9pfs: local: metadata file for the VirtFS root, Greg Kurz, 2017/05/05
[Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata, Greg Kurz, 2017/05/05
- Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata,
Eric Blake <=
Re: [Qemu-devel] [PATCH 0/5] 9pfs: local: fix metadata of mapped-file security mode, no-reply, 2017/05/05
Re: [Qemu-devel] [PATCH 0/5] 9pfs: local: fix metadata of mapped-file security mode, Leo Gaspard, 2017/05/08