On Fri, 5 May 2017 12:13:52 -0500 Eric Blake <ebl...@redhat.com> wrote:
> On 05/05/2017 09:37 AM, Greg Kurz wrote:
> > When using the mapped-file security mode, we shouldn't let the client
> > mess with the metadata. The current code already hides it but the
> > client can still access the metadata through several operations.
> >
> > This patch fixes the issue by:
> > - preventing the creation of fids pointing to the metadata (name_to_path)
> > - failing various operations taking a dirpath and a name arguments if
> > name is a metadata reserved name
> >
> > Signed-off-by: Greg Kurz <gr...@kaod.org>
> > ---
> > hw/9pfs/9p-local.c | 41 +++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 41 insertions(+)
> >
> > diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> > index b427d2928800..93cadac302c9 100644
> > --- a/hw/9pfs/9p-local.c
> > +++ b/hw/9pfs/9p-local.c
> > @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> > *dir_path,
> > int err = -1;
> > int dirfd;
> >
> > + if (local_must_skip_metadata(fs_ctx, name)) {
> > + errno = EINVAL;
> > + return -1;
> > + }
> > +
>
> I don't know if EINVAL is the best error, but it seems reasonable enough.
>
I admit that I'm not really a big fan of returning EINVAL, but there's
nothing like "this file name is illegal" on Linux and I couldn't come
up with a better error...
pgpvKNNl4MgKa.pgp
Description: OpenPGP digital signature
