From: "M. Mohan Kumar"
Reply-To: mohan@in.ibm.com
To: Blue Swirl
Cc: qemu-devel@nongnu.org
Date: Mon, 27 Jun 2011 10:58:59 +0530
Subject: Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access files in passthrough security model
Message-ID: <20110627052859.GA11526@in.ibm.com>
References: <1308903744-2870-1-git-send-email-mohan@in.ibm.com>

On Sun, Jun 26, 2011 at 09:22:27PM +0300, Blue Swirl wrote:
> On Fri, Jun 24, 2011 at 11:22 AM, M. Mohan Kumar wrote:
> > In the passthrough security model, following symbolic links on the server
> > side could result in TOCTTOU vulnerabilities.
> > (http://en.wikipedia.org/wiki/Time-of-check-to-time-of-use)
> >
> > This patchset resolves this issue by creating a dedicated process which
> > chroots into the share path; all file object access is done in the
> > chroot environment.
> >
> > This patchset implements the chroot environment and provides the necessary
> > functions that can be used by the passthrough function calls.
>
> This could be interesting also for privilege separation. A helper
> process like this could access and reopen the image files etc. while
> the rest of QEMU could run in a jail.

As of now this is not a generic helper; it's meant for 9p export only. If
needed we can add another process which can be a helper routine for qemu.

> > This patchset is rebased on top of 9p coroutines patches posted to
> > qemu-devel list
> > http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg02796.html
>
> Aren't the coroutines running in the same process, so don't they share the
> root? Also the coroutines are implemented in several OS dependent
> ways.

Chroot is done in a forked process, so it won't affect others. I mentioned
co-routines because this patchset is rebased on top of the coroutines
patchset, which is not yet part of mainline qemu.
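The mechanism discussed in this thread (a forked helper that chroots into the export root, does the file access there, and hands the result back to the main process) sketched as an added example; this is not code from the patchset or from QEMU. The names `fs_helper_open` and `build_demo_share` are hypothetical, the share directory it builds is constructed for the demonstration, and the helper simply passes the opened descriptor back over a UNIX socket with SCM_RIGHTS. Because every path component, including the target of any symlink the guest may have planted, is resolved by the kernel inside the chroot, a link to an absolute path outside the share resolves to a non-existent file instead of escaping. If `chroot()` itself is not permitted (no CAP_SYS_CHROOT), the helper fails closed rather than opening the file unconfined.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child -> parent message: an errno value in the payload, plus the opened
 * descriptor as SCM_RIGHTS ancillary data when the open succeeded. */
static int send_result(int sock, int fd, int err)
{
    struct iovec iov = { .iov_base = &err, .iov_len = sizeof(err) };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    if (fd >= 0) {
        struct cmsghdr *cm;
        memset(cbuf, 0, sizeof(cbuf));
        msg.msg_control = cbuf;
        msg.msg_controllen = sizeof(cbuf);
        cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = SOL_SOCKET;
        cm->cmsg_type = SCM_RIGHTS;
        cm->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) < 0 ? -1 : 0;
}

/* Returns the received descriptor, or -1 with *err holding the child's errno. */
static int recv_result(int sock, int *err)
{
    struct iovec iov = { .iov_base = err, .iov_len = sizeof(*err) };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    struct cmsghdr *cm;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof(cbuf);
    if (recvmsg(sock, &msg, 0) != (ssize_t)sizeof(*err)) {
        *err = EIO;
        return -1;
    }
    for (cm = CMSG_FIRSTHDR(&msg); cm; cm = CMSG_NXTHDR(&msg, cm)) {
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) {
            int fd;
            memcpy(&fd, CMSG_DATA(cm), sizeof(int));
            return fd;
        }
    }
    return -1;
}

/* Hypothetical helper entry point: open relpath inside share_root from a
 * chrooted child. Returns a descriptor valid in the caller, or -errno.
 * A chroot() failure (e.g. EPERM without CAP_SYS_CHROOT) is reported as an
 * error; the file is never opened outside the confinement. */
int fs_helper_open(const char *share_root, const char *relpath, int flags)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -errno;
    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        close(sv[0]);
        close(sv[1]);
        return -e;
    }
    if (pid == 0) {
        int fd = -1, err = 0;
        close(sv[0]);
        /* chdir("/") after chroot() so the cwd is not left outside the new root. */
        if (chroot(share_root) < 0 || chdir("/") < 0) {
            err = errno;
        } else {
            fd = open(relpath, flags);
            if (fd < 0)
                err = errno;
        }
        send_result(sv[1], fd, err);
        _exit(0);
    }
    close(sv[1]);
    int err = 0;
    int fd = recv_result(sv[0], &err);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return fd >= 0 ? fd : -(err ? err : EIO);
}

/* Constructed demo share: one regular file plus a symlink whose target is an
 * absolute path outside the share. Writes the directory path into buf. */
int build_demo_share(char *buf, size_t len)
{
    char tmpl[] = "/tmp/9p-share-XXXXXX";
    char p[512];
    if (!mkdtemp(tmpl))
        return -errno;
    snprintf(buf, len, "%s", tmpl);
    snprintf(p, sizeof(p), "%s/hello.txt", tmpl);
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -errno;
    if (write(fd, "hello\n", 6) != 6) {
        close(fd);
        return -EIO;
    }
    close(fd);
    snprintf(p, sizeof(p), "%s/escape", tmpl);
    if (symlink("/etc/hostname", p) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    char share[256];
    int rc = build_demo_share(share, sizeof(share));
    if (rc < 0) {
        fprintf(stderr, "setup failed: %s\n", strerror(-rc));
        return 1;
    }
    const char *names[] = { "hello.txt", "escape" };
    for (int i = 0; i < 2; i++) {
        int fd = fs_helper_open(share, names[i], O_RDONLY);
        if (fd >= 0) {
            printf("%s: opened inside chroot (fd %d)\n", names[i], fd);
            close(fd);
        } else {
            printf("%s: refused: %s\n", names[i], strerror(-fd));
        }
    }
    return 0;
}
```

Run as a user with CAP_SYS_CHROOT, `hello.txt` opens and `escape` fails with ENOENT, since `/etc/hostname` is looked up relative to the share. Without that capability both calls return EPERM, which is the intended fail-closed behaviour. A production helper along the lines Blue Swirl suggests would additionally drop privileges after the chroot and close inherited descriptors before serving requests.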