[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metada
From: |
Greg Kurz |
Subject: |
Re: [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata |
Date: |
Tue, 9 May 2017 11:39:32 +0200 |
On Fri, 5 May 2017 12:13:52 -0500
Eric Blake <address@hidden> wrote:
> On 05/05/2017 09:37 AM, Greg Kurz wrote:
> > When using the mapped-file security mode, we shouldn't let the client
> > mess with the metadata. The current code already hides it but the
> > client can still access the metadata through several operations.
> >
> > This patch fixes the issue by:
> > - preventing the creation of fids pointing to the metadata (name_to_path)
> > - failing various operations taking a dirpath and a name arguments if
> > name is a metadata reserved name
> >
> > Signed-off-by: Greg Kurz <address@hidden>
> > ---
> > hw/9pfs/9p-local.c | 41 +++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 41 insertions(+)
> >
> > diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> > index b427d2928800..93cadac302c9 100644
> > --- a/hw/9pfs/9p-local.c
> > +++ b/hw/9pfs/9p-local.c
> > @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> > *dir_path,
> > int err = -1;
> > int dirfd;
> >
> > + if (local_must_skip_metadata(fs_ctx, name)) {
> > + errno = EINVAL;
> > + return -1;
> > + }
> > +
>
> I don't know if EINVAL is the best error, but it seems reasonable enough.
>
I admit that I'm not really a big fan of returning EINVAL, but there's
nothing like "this file name is illegal" on Linux and I couldn't come
up with a better error...
pgpG_ohVOT6hM.pgp
Description: OpenPGP digital signature
- Re: [Qemu-devel] [PATCH 2/5] 9pfs: local: resolve special directories in paths, (continued)
- [Qemu-devel] [PATCH 3/5] 9pfs: local: simplify file opening, Greg Kurz, 2017/05/05
- [Qemu-devel] [PATCH 4/5] 9pfs: local: metadata file for the VirtFS root, Greg Kurz, 2017/05/05
- [Qemu-devel] [PATCH 5/5] 9pfs: local: forbid client access to metadata, Greg Kurz, 2017/05/05
- Re: [Qemu-devel] [PATCH 0/5] 9pfs: local: fix metadata of mapped-file security mode, no-reply, 2017/05/05
- Re: [Qemu-devel] [PATCH 0/5] 9pfs: local: fix metadata of mapped-file security mode, Leo Gaspard, 2017/05/08