[libvirt] [PATCH] qemu: Forbid slashes in shmem name

Martin Kletzander mkletzan at redhat.com
Mon Feb 20 13:49:56 UTC 2017


On Fri, Feb 10, 2017 at 02:10:17PM +0000, Daniel P. Berrange wrote:
>On Fri, Feb 10, 2017 at 09:07:36AM -0500, John Ferlan wrote:
>>
>>
>> On 02/02/2017 08:14 AM, Martin Kletzander wrote:
>> > With that users could access files outside /dev/shm.  That itself
>> > isn't a security problem, but might cause some errors we want to
>> > avoid.  So let's forbid slashes as we do with domain and volume names
>> > and also mention that in the schema.
>> >
>> > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496
>> >
>> > Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
>> > ---
>> >  docs/schemas/domaincommon.rng |  6 +++++-
>> >  src/qemu/qemu_process.c       | 23 +++++++++++++++++++++++
>> >  2 files changed, 28 insertions(+), 1 deletion(-)
>> >
>>
>> This was really familiar... hmm.. oh yeah...
>>
>> Can/should virXMLCheckIllegalChars be used?
>>
>> See commits ae381879f, dc40dd60, and e1b81968
>>
>> Likewise, makes me wonder if the *.rng for all those would need some
>> sort of updating to remove chance that a '\n' exists like you've done
>> here for the '/' character.
>>
>> Secondary of course is should the failure be in Parse rather than
>> checking at startup time?
>
>The fact that we need to forbid '/' due to it being interpreted as
>a path, is an artifact of the QEMU implementation. Other drivers
>might not map the names into file paths. So checking in QEMU
>driver code is correct.
>

Ping, does this mean ACK?
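
An added illustration, not part of this thread and not libvirt's code: a minimal C sketch of the driver-level check discussed above, where a shmem name is used as a file name under /dev/shm. The helper names `shmem_name_ok` and `shmem_path` are hypothetical, and rejecting "." and ".." goes beyond what the commit message states.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SHM_DIR "/dev/shm"   /* directory named in the commit message */

/* Hypothetical helper: accept a name only if it is a single path
 * component, so SHM_DIR "/" name cannot resolve outside SHM_DIR. */
bool shmem_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (strchr(name, '/') != NULL)      /* the slash check from the patch subject */
        return false;
    /* Assumption beyond the page: "." and ".." have no slash but name
     * a directory, so treat them as invalid too. */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return false;
    return true;
}

/* Hypothetical helper: build the backing path for a validated name.
 * Returns 0 on success, -1 if the name is rejected or the buffer is
 * too small (truncation must not silently yield a different path). */
int shmem_path(const char *name, char *out, size_t outlen)
{
    int n;

    if (!shmem_name_ok(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", SHM_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the bug report. */
    const char *samples[] = { "my_shmem0", "../etc/cfg", "sub/dir", "..", "" };
    char path[256];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (shmem_path(samples[i], path, sizeof(path)) == 0)
            printf("accept \"%s\" -> %s\n", samples[i], path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```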