[libvirt] libvirt mdev migration, mdevctl integration

Cornelia Huck cohuck at redhat.com
Tue Dec 10 10:39:38 UTC 2019


On Tue, 10 Dec 2019 10:36:36 +0000
Daniel P. Berrangé <berrange at redhat.com> wrote:

> On Tue, Dec 10, 2019 at 11:24:44AM +0100, Cornelia Huck wrote:
> > On Tue, 10 Dec 2019 10:09:34 +0000
> > Daniel P. Berrangé <berrange at redhat.com> wrote:
> >   
> > > On Mon, Dec 09, 2019 at 02:23:38PM -0600, Jonathon Jongsma wrote:  
> > > > mdevctl also supports assigning arbitrary sysfs attributes to a device.
> > > > These attributes have an explicit ordering and are written to sysfs in
> > > > the specified order when a device is started. This might be the only
> > > > thing that doesn't fit into the current xml format.    
> > 
> > Not sure how much the 'explicit ordering' is actually required by the
> > devices currently supporting this. It's probably a good idea to keep
> > this, though, as future device types might end up having such a
> > requirement.
> >   
> > > Well we need to define a schema, but there will need to be some kind
> > > of validation added because, AFAICT, mdevctl does no validation, so a
> > > plain passthrough of this allows arbitrary writing of files anywhere
> > > on the host given a suitable malicious attribute name.  
> > 
> > Uh, we really should do something about that in mdevctl as well. Writes
> > outside the sysfs hierarchy should not be allowed.  
> 
> I'm pretty worried about overall safety/reliability of the mdevctl
> tool in general. Given that it is written in shell, it is really hard
> to ensure that it isn't vulnerable to any shell quoting / meta character
> flaws, whether from malicious or accidental data input.

I'm not sure I'm trusting myself too much to get that right, either...
review obviously welcome, but this is shell, as you say.
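
The check this thread asks for (an attribute name must never cause a write outside the device's sysfs directory), sketched in POSIX shell as an added example; it is not part of the original message and is not mdevctl's or libvirt's code. The function names `safe_attr_path` and `write_attr` and the device-directory argument are assumptions.

```shell
#!/bin/sh
# Added example; safe_attr_path and write_attr are hypothetical names.

# safe_attr_path DEVDIR NAME
# Prints the resolved attribute path and returns 0 only when NAME is an
# existing regular file that physically lives inside DEVDIR.
safe_attr_path() {
    devdir=$1
    name=$2

    # Lexical checks: no empty name, no absolute path, no ".." component.
    case $name in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac

    # Resolve symlinks in both directories (the subshell keeps cd local).
    base=$(cd -P -- "$devdir" 2>/dev/null && pwd -P) || return 1
    dir=$(cd -P -- "$(dirname -- "$devdir/$name")" 2>/dev/null && pwd -P) || return 1
    leaf=$(basename -- "$name")

    # The resolved directory must be DEVDIR itself or a directory below it.
    case $dir/ in
        "$base"/*) ;;
        *) return 1 ;;
    esac

    # The final component must be a regular file, not a symlink or directory.
    if [ -L "$dir/$leaf" ] || [ ! -f "$dir/$leaf" ]; then
        return 1
    fi
    printf '%s\n' "$dir/$leaf"
}

# write_attr DEVDIR NAME VALUE: write VALUE only if NAME passes the check.
write_attr() {
    path=$(safe_attr_path "$1" "$2") || {
        printf 'rejected attribute name: %s\n' "$2" >&2
        return 1
    }
    printf '%s' "$3" > "$path"
}
```

The check and the write are separate steps, so this assumes the device directory can only be modified by root, as is the case for sysfs.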



