On Fri, Feb 05, 2016 at 11:40:11AM -0800, Ben Pfaff wrote:
> On Thu, Feb 04, 2016 at 03:42:34AM +0000, Daniele Di Proietto wrote:
> > 
> > 
> > On 03/02/2016 14:47, "Ben Pfaff" <b...@ovn.org> wrote:
> > 
> > >On Tue, Feb 02, 2016 at 05:56:35PM -0800, Daniele Di Proietto wrote:
> > >> This check prevents an obvious way for a vhost-user socket to escape the
> > >> intended directory.
> > >> 
> > >> There might be other ways to escape the directory (none comes to mind at
> > >> the moment), but this is a problem that should be properly solved by
> > >> mandatory access control.
> > >> 
> > >> A similar check is done for a bridge name, since that name is used as
> > >> part of a socket as well.
> > >> 
> > >> Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
> > >
> > >I am not sure whether the restriction for .. is necessary.  Do you have
> > >something in mind there?
> > 
> > The difference between here and the bridge management socket is that here
> > we have no suffix.  A vhost user port named .. should have a socket in
> > "/var/run/openvswitch/.."
> > 
> > It will not be possible to create a socket like this nor to remove the
> > directory (I believe unlink should refuse to remove directories), but I
> > thought it was better to check for this and fail early with a better
> > error message rather than try to create/unlink an invalid path.
> > 
> > Now that I think about it the name "." has the same problem.
> >  
> > What do you think?
> 
> I think that both unlink and bind for . and .. will yield an error, and
> I think that the cause will be pretty obvious, so I don't see a need for
> the special case.

Hi Daniele, are you planning to send a v2 for this patch?  I think that
we should definitely address it.
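
The behaviour discussed in this thread, as an added example that is not part of any message above and is not code from the patch or from Open vSwitch: it calls bind() and unlink() on "dir/name" for an ordinary name, "." and "..", and records the errno of each call next to the result of an early name check. The names `name_is_plain_component` and `probe_socket_name`, the scratch directory under /tmp, and the rejection of "/" in a name are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical early check (not the patch's code): accept only a name that
 * is one ordinary path component, so "dir/name" stays a file inside dir. */
static int name_is_plain_component(const char *name)
{
    return name[0] != '\0' && strcmp(name, ".") != 0
           && strcmp(name, "..") != 0 && strchr(name, '/') == NULL;
}

/* Calls bind() and then unlink() on "dir/name" and stores each call's errno
 * (0 on success).  Returns -1 if the path or the socket cannot be set up. */
static int probe_socket_name(const char *dir, const char *name,
                             int *bind_errno, int *unlink_errno)
{
    struct sockaddr_un sa;
    int fd, n;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    n = snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name);
    if (n < 0 || (size_t) n >= sizeof sa.sun_path
        || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
        return -1;
    }
    *bind_errno = bind(fd, (struct sockaddr *) &sa, sizeof sa) ? errno : 0;
    close(fd);
    *unlink_errno = unlink(sa.sun_path) ? errno : 0;
    return 0;
}

int main(void)
{
    const char *names[] = { "vhost0", ".", ".." };
    char dir[64];                       /* constructed scratch directory */
    int be, ue;
    snprintf(dir, sizeof dir, "/tmp/vhost-probe-%ld", (long) getpid());
    if (mkdir(dir, 0700)) return 1;     /* fails if the path already exists */
    for (int i = 0; i < 3 && !probe_socket_name(dir, names[i], &be, &ue); i++) {
        printf("%-6s plain=%d bind_errno=%d unlink_errno=%d\n", names[i],
               name_is_plain_component(names[i]), be, ue);
    }
    return rmdir(dir) != 0;
}
```

The errno values printed for "." and ".." are what a caller would have to turn into a log message if the name were not checked first.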