Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-16 Thread M. Mohan Kumar
On Wed, Jun 15, 2011 at 04:24:12PM +0100, Stefan Hajnoczi wrote: > On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar wrote: > > [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability > > > > In passthrough security model, following a symbolic link in the server > > side could result i

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-16 Thread M. Mohan Kumar
On Wed, Jun 15, 2011 at 10:10:00PM +0200, Andreas Färber wrote: > Am 14.06.2011 um 10:12 schrieb M. Mohan Kumar: > >> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability > > Subject doesn't need to be duplicated. Ok > >> In passthrough security model, following a symbolic link in

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-15 Thread Stefan Hajnoczi
On Wed, Jun 15, 2011 at 7:16 PM, Venkateswararao Jujjuri wrote: > On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote: >> >> On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar  wrote: >>> >>> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability >>> >>> In passthrough security model, follow

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-15 Thread Andreas Färber
Am 14.06.2011 um 10:12 schrieb M. Mohan Kumar: [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability Subject doesn't need to be duplicated. In passthrough security model, following a symbolic link in the server side could result in TOCTTOU vulnerability. TOCTOU or TOCTTOU?

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-15 Thread Venkateswararao Jujjuri
On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote: On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar wrote: [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability In passthrough security model, following a symbolic link in the server side could result in TOCTTOU vulnerability. Use cl

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-15 Thread Stefan Hajnoczi
On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar wrote: > [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability > > In passthrough security model, following a symbolic link in the server > side could result in TOCTTOU vulnerability. > > Use clone system call to create a thread which

Re: [Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-15 Thread Stefan Hajnoczi
On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar wrote: > [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability > > In passthrough security model, following a symbolic link in the server > side could result in TOCTTOU vulnerability. > > Use clone system call to create a thread which

[Qemu-devel] [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

2011-06-14 Thread M. Mohan Kumar
[RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability In passthrough security model, following a symbolic link in the server side could result in TOCTTOU vulnerability. Use clone system call to create a thread which runs in chrooted environment. All passthrough model file operatio