[libvirt] [PATCH] qemu: Forbid slashes in shmem name
John Ferlan
jferlan at redhat.com
Fri Feb 10 14:07:36 UTC 2017
On 02/02/2017 08:14 AM, Martin Kletzander wrote:
> With that users could access files outside /dev/shm. That itself
> isn't a security problem, but might cause some errors we want to
> avoid. So let's forbid slashes as we do with domain and volume names
> and also mention that in the schema.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496
>
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
> docs/schemas/domaincommon.rng | 6 +++++-
> src/qemu/qemu_process.c | 23 +++++++++++++++++++++++
> 2 files changed, 28 insertions(+), 1 deletion(-)
>
This was really familiar... hmm.. oh yeah...
Can/should virXMLCheckIllegalChars be used?
See commits ae381879f, dc40dd60, and e1b81968
Likewise, makes me wonder if the *.rng for all those would need some
sort of updating to remove chance that a '\n' exists like you've done
here for the '/' character.
Secondary of course is should the failure be in Parse rather than
checking at startup time?
I agree in principal with what's be done, just the "where" it should be
done.
John
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index cc6e0d0c0d65..00cdc93bca59 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -3598,7 +3598,11 @@
>
> <define name="shmem">
> <element name="shmem">
> - <attribute name="name"/>
> + <attribute name="name">
> + <data type="string">
> + <param name="pattern">[^/]*</param>
> + </data>
> + </attribute>
> <interleave>
> <optional>
> <element name="model">
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 184440dc1af6..0f63668100a6 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -4586,6 +4586,26 @@ qemuProcessStartValidateVideo(virDomainObjPtr vm,
>
>
> static int
> +qemuProcessStartValidateShmem(virDomainObjPtr vm)
> +{
> + size_t i;
> +
> + for (i = 0; i < vm->def->nshmems; i++) {
> + virDomainShmemDefPtr shmem = vm->def->shmems[i];
> +
> + if (strchr(shmem->name, '/')) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("shmem name '%s' must not contain '/'"),
> + shmem->name);
> + return -1;
> + }
> + }
> +
> + return 0;
> +}
> +
> +
> +static int
> qemuProcessStartValidateXML(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> virQEMUCapsPtr qemuCaps,
> @@ -4661,6 +4681,9 @@ qemuProcessStartValidate(virQEMUDriverPtr driver,
> if (qemuProcessStartValidateVideo(vm, qemuCaps) < 0)
> return -1;
>
> + if (qemuProcessStartValidateShmem(vm) < 0)
> + return -1;
> +
> VIR_DEBUG("Checking for any possible (non-fatal) issues");
>
> qemuProcessStartWarnShmem(vm);
>
More information about the libvir-list
mailing list