[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: Forbid slashes in shmem name



On Fri, Feb 10, 2017 at 09:07:36AM -0500, John Ferlan wrote:
> 
> 
> On 02/02/2017 08:14 AM, Martin Kletzander wrote:
> > With that users could access files outside /dev/shm.  That itself
> > isn't a security problem, but might cause some errors we want to
> > avoid.  So let's forbid slashes as we do with domain and volume names
> > and also mention that in the schema.
> > 
> > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496
> > 
> > Signed-off-by: Martin Kletzander <mkletzan redhat com>
> > ---
> >  docs/schemas/domaincommon.rng |  6 +++++-
> >  src/qemu/qemu_process.c       | 23 +++++++++++++++++++++++
> >  2 files changed, 28 insertions(+), 1 deletion(-)
> > 
> 
> This was really familiar... hmm.. oh yeah...
> 
> Can/should virXMLCheckIllegalChars be used?
> 
> See commits ae381879f, dc40dd60, and e1b81968
> 
> Likewise, makes me wonder if the *.rng for all those would need some
> sort of updating to remove chance that a '\n' exists like you've done
> here for the '/' character.
> 
> Secondary of course is should the failure be in Parse rather than
> checking at startup time?

The fact that we need to forbid '/' due to it being interpreted as
a path, is an artifact of the QEMU implementation. Other drivers
might not map the names into file paths. So checking in QEMU
driver code is correct.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]