[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access file
|
From: |
M. Mohan Kumar |
|
Subject: |
Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access files in passthrough security model |
|
Date: |
Mon, 27 Jun 2011 10:58:59 +0530 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
On Sun, Jun 26, 2011 at 09:22:27PM +0300, Blue Swirl wrote:
> On Fri, Jun 24, 2011 at 11:22 AM, M. Mohan Kumar <address@hidden> wrote:
> > In passthrough security model, following symbolic links in the server
> > side could result in TOCTTOU vulnerabilities.
> > (http://en.wikipedia.org/wiki/Time-of-check-to-time-of-use)
> >
> > This patchset resolves this issue by creating a dedicated process which
> > chroots into the share path and all file object access is done in the
> > chroot environment.
> >
> > This patchset implements chroot enviroment, provides necessary functions
> > that can be used by the passthrough function calls.
>
> This could be interesting also for privilege separation. A helper
> process like this could access and reopen the image files etc. while
> the rest of QEMU could run in a jail.
As of now this is not generic helper, its meant for 9p export only. If
needed we can add another process which can be a helper routine for qemu.
>
> > This patchset is rebased on top of 9p coroutines patches posted to
> > qemu-devel list
> > http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg02796.html
>
> Aren't the coroutines running in same process, so don't they share the
> root? Also the coroutines are implemented in several OS dependent
> ways.
>
Chroot is done in a forked process, so it won't affect others. I mentioned
about co-routines because this patchset is rebased on top of coroutines
patchset that are not yet part of mainline qemu.
- [Qemu-devel] [V11 02/15] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled, (continued)
- [Qemu-devel] [V11 02/15] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 15/15] virtio-9p: Chroot environment for other functions, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 10/15] virtio-9p: Move file post creation changes to none security model, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 06/15] virtio-9p: Create support in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 14/15] virtio-9p: readlink in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 05/15] virtio-9p: Support for opening a file in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 09/15] virtio-9p: Rename in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 01/15] Implement qemu_read_full, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 04/15] virtio-9p: qemu interfaces for chroot environment, M. Mohan Kumar, 2011/06/24
- Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access files in passthrough security model, Blue Swirl, 2011/06/26
- Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access files in passthrough security model,
M. Mohan Kumar <=