From: | Andreas Färber |
Subject: | Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability |
Date: | Wed, 15 Jun 2011 22:10:00 +0200 |
On 14.06.2011 at 10:12, M. Mohan Kumar wrote:
> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

Subject doesn't need to be duplicated.

> In passthrough security model, following a symbolic link in the server side could result in TOCTTOU vulnerability.

TOCTOU or TOCTTOU? Don't know what either is, so probably others too - that acronym could use an explanation or link to CVE/etc.

Andreas

> Use clone system call to create a thread which runs in chrooted environment. All passthrough model file operations are done from this thread to avoid TOCTTOU vulnerability.
>
> Signed-off-by: Venkateswararao Jujjuri <address@hidden>
> Signed-off-by: M. Mohan Kumar <address@hidden>
> ---
[...]