From: Rusty Russell
Subject: Re: [RFC PATCH 1/5] lguest: mmap backing file
Date: Fri, 21 Mar 2008 11:29:03 +1100
Message-ID: <200803211129.03820.rusty@rustcorp.com.au>
In-Reply-To: <1206000960.6873.124.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
To: echo-Czp0qWhDxZq1SnRDb8oMDQ@public.gmane.org
Cc: kvm-devel, lguest, virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org

On Thursday 20 March 2008 19:16:00 Tim Post wrote:
> On Thu, 2008-03-20 at 17:05 +1100, Rusty Russell wrote:
> > + snprintf(memfile_path, PATH_MAX, "%s/.lguest",
> > getenv("HOME") ?: "");
>
> Hi Rusty,
>
> Is that safe if being run via setuid/gid or shared root? It might be
> better to just look it up in /etc/passwd against the real UID,
> considering that anyone can change (or null) that env string.

Hi Tim,

Fair point: it is bogus in this usage case. Of course, setuid-ing lguest is dumb anyway, since you could use --block= to read and write any file in the filesystem.

The mid-term goal is to allow non-root to run lguest, which fixes this problem (we don't allow that at the moment, as the guest can pin memory).

Cheers,
Rusty.
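
Review bot: in the quoted snprintf() line, the `getenv("HOME") ?: ""` fallback silently turns an unset HOME into the path "/.lguest" in the filesystem root, and a caller-controlled HOME decides where the backing file is created. Suggest failing with an error when HOME is unset rather than substituting "", or deriving the directory from the passwd entry for the real UID as Tim proposes. The snprintf() result is also unused in this line, so a HOME longer than PATH_MAX would be truncated without notice; compare the return value against PATH_MAX and bail out on overflow.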