qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU

From: Andreas Färber
Subject: Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
Date: Wed, 15 Jun 2011 22:10:00 +0200 
Am 14.06.2011 um 10:12 schrieb M. Mohan Kumar:


[RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability


Subject doesn't need to be duplicated.


In passthrough security model, following a symbolic link in the server
side could result in TOCTTOU vulnerability.
TOCTOU or TOCTTOU? Don't know what either is, so probably others too - that acronym could use an explanation or link to CVE/etc. 

Andreas


Use clone system call to create a thread which runs in chrooted
environment. All passthrough model file operations are done from this
thread to avoid TOCTTOU vulnerability.

Signed-off-by: Venkateswararao Jujjuri <address@hidden>
Signed-off-by: M. Mohan Kumar <address@hidden>
---

[...]
reply via email to
[Prev in Thread] Current Thread [Next in Thread]