On Tue, Nov 15, 2011 at 12:09 PM, M. Mohan Kumar wrote:
> Changes from previous version:
>
> 1) Communication between qemu and helper process is similar to 9p way of
> packing
> elements (pdu marshaling).
There is code I haven't reviewed yet but I think it will change as you
add input validation,
Changes from previous version:
1) Communication between qemu and helper process is similar to 9p way of
packing
elements (pdu marshaling).
M. Mohan Kumar wrote:
Pass-through security model in QEMU 9p server needs root privilege to do
few file operations (like chown, chmod to any mode/uid:gid)
Pass-through security model in QEMU 9p server needs root privilege to do
few file operations (like chown, chmod to any mode/uid:gid). There are two
issues in pass-through security model
1) TOCTTOU vulnerability: Following symbolic links in the server could
provide access to files beyond 9p export