From: Greg Kurz <groug@kaod.org>
To: Michael Fritscher <michael@fritscher.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
sw@weilnetz.de, aneesh.kumar@linux.vnet.ibm.com, mst@redhat.com,
qemu-devel@nongnu.org, gkurz@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] Make 9pfs buildable for Windows
Date: Sun, 15 Oct 2017 21:50:55 +0200 [thread overview]
Message-ID: <20171015215055.19dbecc1@bahia.lan> (raw)
In-Reply-To: <f43e0c376d23066ee08736c43f99100d.squirrel@mifritscher.de>
On Sun, 15 Oct 2017 21:13:34 +0200
"Michael Fritscher" <michael@fritscher.net> wrote:
> >
> > Hi,
> >
> > dumb question: what is the advantage of openat vs. open - only the thing
> > that someone doesn't need to build the path together by hand?
> >
> > If I understand the man page of openat correctly, it does _not_ prevent
> > someone to break out of the jail by using e.g. ../../../blah .
> > If this assumption is correctly perhaps it is better to avoid using the
> > *at function family (as it was some time ago) and sanitize the path (by
> > somehow canonizing it and than check if the beginning is ok).
> >
> > Then I could use the "normal" posix function again and avoid using the NT*
> > Functions directly which is not soooo nice for various reasons.
> >
> > Best regards,
> > Michael Fritscher
> >
>
> Hi again,
>
> I see one thing: symlinks somewhere in the path (which seemed to be the
> reason introducing the *at family). But I think that this can be handled
> by canonlizing the path, too. realpath should do the job quite well.
>
Unfortunately now because we have TOCTOU condition here: some path element
could be replaced by a symlink after realpath() but before we actually pass
the resulting path to a syscall.
> Best regards,
> Michael Fritscher
>
next prev parent reply other threads:[~2017-10-15 19:51 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-29 11:13 [Qemu-devel] Make 9pfs buildable for Windows Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 01/18] Add definitions needed by file-op-9p.h " Michael Fritscher
2017-11-06 13:34 ` Greg Kurz
2017-09-29 11:13 ` [Qemu-devel] [PATCH 02/18] #include <sys/vfs.h> is not available under Windows Michael Fritscher
2017-11-06 14:27 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 03/18] Disable the proxy fsdev " Michael Fritscher
2017-11-06 13:44 ` Greg Kurz
2017-11-06 15:17 ` Michael Fritscher
2017-11-06 16:51 ` Greg Kurz
2017-09-29 11:13 ` [Qemu-devel] [PATCH 04/18] Don't include sys/resource.h on Windows Michael Fritscher
2017-11-06 14:27 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 05/18] Add definitions for 9p.c Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 06/18] Stub out functions for 9pfs Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 07/18] Fix unused variable error and unsuded function if FS_IOC_GETVERSION is not defined Michael Fritscher
2017-11-06 14:29 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 08/18] Stub 9pfs xattr functions for Windows Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 09/18] Dont initialize fields which aren't available on Windows Michael Fritscher
2017-11-06 14:26 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 10/18] dirent has no d_off " Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 11/18] Sete ctx->xops to null " Michael Fritscher
2017-11-06 14:25 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 12/18] Buildfix in 9p-util.c Michael Fritscher
2017-11-06 14:21 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 13/18] fsetxattrat_nofollow doesn't seem to be defined on Windows - disable it Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 14/18] Disable rlimit under Windows Michael Fritscher
2017-11-06 14:24 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 15/18] Fix unavailable fields in stbuf " Michael Fritscher
2017-11-06 14:36 ` Paolo Bonzini
2017-11-06 15:23 ` Michael Fritscher
2017-11-06 15:25 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 16/18] Workaround for missing dent->d_type/d_off " Michael Fritscher
2017-11-06 14:32 ` Paolo Bonzini
2017-09-29 11:13 ` [Qemu-devel] [PATCH 17/18] Compile fixes for Windows Michael Fritscher
2017-09-29 11:13 ` [Qemu-devel] [PATCH 18/18] Enable 9pfs for Windows in configure / makefiles Michael Fritscher
2017-09-29 12:01 ` [Qemu-devel] Make 9pfs buildable for Windows Paolo Bonzini
2017-09-29 14:14 ` Michael Fritscher
2017-09-29 14:25 ` Paolo Bonzini
2017-09-29 18:09 ` Michael Fritscher
2017-10-01 16:17 ` Michael Fritscher
2017-10-15 19:02 ` Michael Fritscher
2017-10-15 19:13 ` Michael Fritscher
2017-10-15 19:50 ` Greg Kurz [this message]
2017-10-15 20:00 ` Michael Fritscher
2017-10-16 5:31 ` Michael Fritscher
2017-10-15 19:45 ` Greg Kurz
2017-11-06 13:29 ` Greg Kurz
2017-11-06 15:14 ` Michael Fritscher
2017-11-06 15:36 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171015215055.19dbecc1@bahia.lan \
--to=groug@kaod.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=gkurz@linux.vnet.ibm.com \
--cc=michael@fritscher.net \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.