On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote: > From: "M. Mohan Kumar" <mo...@in.ibm.com> > > Pass-through security model in QEMU 9p server needs root privilege to do > few file operations (like chown, chmod to any mode/uid:gid). There are two > issues in pass-through security model > > 1) TOCTTOU vulnerability: Following symbolic links in the server could > provide access to files beyond 9p export path. > > 2) Running QEMU with root privilege could be a security issue. > > To overcome above issues, following approach is used: A new filesytem > type 'proxy' is introduced. Proxy FS uses chroot + socket combination > for securing the vulnerability known with following symbolic links. > Intention of adding a new filesystem type is to allow qemu to run > in non-root mode, but doing privileged operations using socket IO.
Fails to build against qemu.git/master (217bfb4): CC libhw64/9pfs/virtio-9p-proxy.o hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’ specified in initializer hw/9pfs/virtio-9p-proxy.c:1195:5: warning: initialization from incompatible pointer type [enabled by default] hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for ‘proxy_ops.init’) [enabled by default] Is this against another public tree? Stefan
