On Fri, 5 May 2017 12:13:52 -0500
Eric Blake <ebl...@redhat.com> wrote:

> On 05/05/2017 09:37 AM, Greg Kurz wrote:
> > When using the mapped-file security mode, we shouldn't let the client
> > mess with the metadata. The current code already hides it but the
> > client can still access the metadata through several operations.
> > 
> > This patch fixes the issue by:
> > - preventing the creation of fids pointing to the metadata (name_to_path)
> > - failing various operations taking a dirpath and a name arguments if
> >   name is a metadata reserved name
> > 
> > Signed-off-by: Greg Kurz <gr...@kaod.org>
> > ---
> >  hw/9pfs/9p-local.c |   41 +++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 41 insertions(+)
> > 
> > diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> > index b427d2928800..93cadac302c9 100644
> > --- a/hw/9pfs/9p-local.c
> > +++ b/hw/9pfs/9p-local.c
> > @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath 
> > *dir_path,
> >      int err = -1;
> >      int dirfd;
> >  
> > +    if (local_must_skip_metadata(fs_ctx, name)) {
> > +        errno = EINVAL;
> > +        return -1;
> > +    }
> > +  
> 
> I don't know if EINVAL is the best error, but it seems reasonable enough.
> 

I admit that I'm not really a big fan of returning EINVAL, but there's
nothing like "this file name is illegal" on Linux and I couldn't come
up with a better error...

Attachment: pgpvKNNl4MgKa.pgp
Description: OpenPGP digital signature

Reply via email to