From: "M. Mohan Kumar"
Date: Tue, 18 Jan 2011 11:53:19 +0530
Message-Id: <1295331799-23856-1-git-send-email-mohan@in.ibm.com>
Subject: [Qemu-devel] [V3 PATCH 0/8] virtio-9p: Use chroot to safely access files in passthrough model
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

In the passthrough security model, following symbolic links on the server side could result in TOCTTOU vulnerabilities. This patchset resolves this issue by creating a dedicated process which chroots into the share path, and all file object access is done in the chroot environment.

This patchset implements the chroot environment and provides the necessary functions that can be used by the passthrough function calls.

Changes from version V2
* Treat socket IO errors as fatal, i.e. qemu will exit
* Split patchset based on chroot side (server) and qemu side (client)
  functionalities

This patchset is tested with fsstress, connectathon, Tuxera POSIX test suite and LTP FS testcases for all three security models.

M. Mohan Kumar (8):
  Implement qemu_read_full
  Provide chroot environment server side interfaces
  Add client side interfaces for chroot environment
  Add support to open a file in chroot environment
  Create support in chroot environment
  Support for creating special files
  Move file post creation changes to none security model
  Chroot environment for other functions

 Makefile.objs              |    1 +
 hw/9pfs/virtio-9p-chroot.c |  414 ++++++++++++++++++++++++++++++++++++++++
 hw/9pfs/virtio-9p-chroot.h |   42 ++++
 hw/9pfs/virtio-9p-local.c  |  456 ++++++++++++++++++++++++++++++++++++--------
 hw/9pfs/virtio-9p.c        |   23 +++
 hw/file-op-9p.h            |    2 +
 osdep.c                    |   32 +++
 qemu-common.h              |    2 +
 8 files changed, 891 insertions(+), 81 deletions(-)
 create mode 100644 hw/9pfs/virtio-9p-chroot.c
 create mode 100644 hw/9pfs/virtio-9p-chroot.h

-- 
1.7.3.4
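
The design described in the cover letter, sketched as an added example (not code from this patch series or from QEMU): a helper process confines itself with chroot() before it resolves any path, then hands the opened descriptor back over a Unix socket, so a symlink in the share cannot lead outside it. The names send_fd, recv_fd and open_in_share, the use of SCM_RIGHTS, and forking one helper per call are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* exposes chroot() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
/* Send an open fd via SCM_RIGHTS; a negative fd travels as a bare -errno. */
int send_fd(int sock, int fd) {
    int status = fd < 0 ? fd : 0;
    fd_cmsg u = { .buf = { 0 } };
    struct iovec iov = { &status, sizeof(status) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = fd < 0 ? 0 : sizeof(u.buf) };
    u.hdr.cmsg_len = CMSG_LEN(sizeof(int));
    u.hdr.cmsg_level = SOL_SOCKET;
    u.hdr.cmsg_type = SCM_RIGHTS;
    memcpy(CMSG_DATA(&u.hdr), &fd, sizeof(fd));
    return sendmsg(sock, &msg, 0) == (ssize_t)sizeof(status) ? 0 : -1;
}

/* Returns the received fd, the helper's -errno, or -EIO on a socket failure. */
int recv_fd(int sock) {
    int status = 0, fd = -EIO;
    fd_cmsg u;
    struct iovec iov = { &status, sizeof(status) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    if (recvmsg(sock, &msg, 0) != (ssize_t)sizeof(status)) return -EIO;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!status && c && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof(fd));
    return status < 0 ? status : fd;
}

/* Hypothetical entry point: the helper is confined before it resolves path. */
int open_in_share(const char *share, const char *path, int flags) {
    int sv[2], fd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -errno;
    pid_t pid = fork();
    if (pid == 0) {
        fd = (chroot(share) == 0 && chdir("/") == 0) ? open(path, flags) : -1;
        _exit(send_fd(sv[1], fd < 0 ? -errno : fd) < 0);
    }
    close(sv[1]);
    fd = recv_fd(sv[0]); /* -EIO if fork failed or the helper died */
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;
}
```

chroot() needs CAP_SYS_CHROOT, so an unprivileged caller gets -EPERM back from the helper, while -EIO is reserved for a failure of the socket exchange itself.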