[Qemu-devel] [V5 PATCH 0/8] virtio-9p: Use chroot to safely access files
From: M. Mohan Kumar
Subject: [Qemu-devel] [V5 PATCH 0/8] virtio-9p: Use chroot to safely access files in passthrough security model
Date: Wed, 16 Feb 2011 17:53:07 +0530

In the passthrough security model, following symbolic links on the server
side could result in TOCTTOU vulnerabilities.

This patchset resolves this issue by creating a dedicated process which
chroots into the share path, and all file object access is done in the
chroot environment.

This patchset implements the chroot environment and provides the necessary
functions that can be used by the passthrough function calls.

Changes from version V4:
* Avoid using malloc/free inside chroot process
* Separate chroot server and client functions

Changes from version V3:
* Return EIO in case of socket read/write failure instead of exiting
* Changed data types as suggested by Blue Swirl
* Chroot process reports error through qemu process

Changes from version V2:
* Treat socket IO errors as fatal, i.e. qemu will exit
* Split patchset based on chroot side (server) and qemu side (client)
  functionalities

M. Mohan Kumar (8):
  Implement qemu_read_full
  virtio-9p: Provide chroot environment server side interfaces
  virtio-9p: Add client side interfaces for chroot environment
  virtio-9p: Add support to open a file in chroot environment
  virtio-9p: Create support in chroot environment
  virtio-9p: Support for creating special files
  virtio-9p: Move file post creation changes to none security model
  virtio-9p: Chroot environment for other functions

Makefile.objs | 1 +
hw/9pfs/virtio-9p-chroot-clnt.c | 136 +++++++++++++
hw/9pfs/virtio-9p-chroot-sv.c | 295 +++++++++++++++++++++++++++
hw/9pfs/virtio-9p-chroot.h | 60 ++++++
hw/9pfs/virtio-9p-local.c | 419 +++++++++++++++++++++++++++++++--------
hw/9pfs/virtio-9p.c | 32 +++
hw/file-op-9p.h | 4 +
osdep.c | 32 +++
qemu-common.h | 2 +
9 files changed, 901 insertions(+), 80 deletions(-)
create mode 100644 hw/9pfs/virtio-9p-chroot-clnt.c
create mode 100644 hw/9pfs/virtio-9p-chroot-sv.c
create mode 100644 hw/9pfs/virtio-9p-chroot.h
--
1.7.3.4
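
The design described in the cover letter, reduced to a single open call, as an added example that is not code from the patch set: a helper process chroots into the share, resolves the path there, and hands the resulting descriptor back over a socket, so a symlink pointing outside the share cannot be followed. The name `chroot_open`, the reply format and the use of SCM_RIGHTS are assumptions, and the helper is forked per request here for brevity rather than kept as one dedicated process; chroot() needs root or CAP_SYS_CHROOT, and without it the call returns a negative errno without opening anything.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side: send errno, plus the descriptor via SCM_RIGHTS when fd >= 0. */
static void send_reply(int sock, int fd, int err) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(int))] = { 0 };
    struct iovec iov = { &err, sizeof(err) };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (fd >= 0) {
        m.msg_control = cbuf; m.msg_controllen = sizeof(cbuf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&m);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    sendmsg(sock, &m, 0);
}
/* Client side: return the received fd, or -errno (-EIO on socket failure). */
static int recv_reply(int sock) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(int))];
    int err = 0, fd = -1;
    struct iovec iov = { &err, sizeof(err) };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    if (recvmsg(sock, &m, 0) != (ssize_t)sizeof(err)) return -EIO;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return err ? -err : (fd >= 0 ? fd : -EIO);
}
/* Hypothetical client call: open `path` as resolved inside `root`. */
int chroot_open(const char *root, const char *path, int flags) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) { int e = errno; close(sv[0]); close(sv[1]); return -e; }
    if (pid == 0) {            /* helper: confine first, resolve the path after */
        int fd = (chroot(root) || chdir("/")) ? -1 : open(path, flags);
        send_reply(sv[1], fd, fd < 0 ? errno : 0);
        _exit(0);
    }
    close(sv[1]);
    int fd = recv_reply(sv[0]);
    close(sv[0]); waitpid(pid, NULL, 0);
    return fd;
}
```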