From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:60691) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RYjBu-0001v3-Oz for qemu-devel@nongnu.org; Thu, 08 Dec 2011 13:59:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RYjBt-0007FX-Hx for qemu-devel@nongnu.org; Thu, 08 Dec 2011 13:59:34 -0500
Received: from mail-ww0-f41.google.com ([74.125.82.41]:53709) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RYjBt-0007FR-Ct for qemu-devel@nongnu.org; Thu, 08 Dec 2011 13:59:33 -0500
Received: by wgbdt12 with SMTP id dt12so1780312wgb.4 for ; Thu, 08 Dec 2011 10:59:32 -0800 (PST)
Date: Thu, 8 Dec 2011 17:46:33 +0000
From: Stefan Hajnoczi
Message-ID: <20111208174633.GA20998@stefanha-thinkpad.localdomain>
References: <1323101930-27163-1-git-send-email-mohan@in.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1323101930-27163-1-git-send-email-mohan@in.ibm.com>
Subject: Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
To: "M. Mohan Kumar"
Cc: "M. Mohan Kumar", qemu-devel@nongnu.org, aneesh.kumar@linux.vnet.ibm.com

On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> From: "M. Mohan Kumar"
>
> The pass-through security model in the QEMU 9p server needs root privilege to do
> a few file operations (like chown, chmod to any mode/uid:gid). There are two
> issues in the pass-through security model:
>
> 1) TOCTTOU vulnerability: Following symbolic links in the server could
> provide access to files beyond the 9p export path.
>
> 2) Running QEMU with root privilege could be a security issue.
>
> To overcome the above issues, the following approach is used: A new filesystem
> type 'proxy' is introduced. Proxy FS uses a chroot + socket combination
> for securing the vulnerability known with following symbolic links.
> The intention of adding a new filesystem type is to allow qemu to run
> in non-root mode, but doing privileged operations using socket IO.

Fails to build against qemu.git/master (217bfb4):

  CC    libhw64/9pfs/virtio-9p-proxy.o
hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’ specified in initializer
hw/9pfs/virtio-9p-proxy.c:1195:5: warning: initialization from incompatible pointer type [enabled by default]
hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for ‘proxy_ops.init’) [enabled by default]

Is this against another public tree?

Stefan
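The chroot + socket split that the cover letter describes, as an added example that is not code from this patch series or from QEMU: an unprivileged client asks a forked helper to open a name relative to the export; the helper chdir()s into the export, chroot()s there when it has the privilege to (chroot needs root, so as an ordinary user the demo carries on with chdir alone and without confinement), opens the name with O_NOFOLLOW so the final component can never be a symlink, and hands the descriptor back over a Unix socketpair with SCM_RIGHTS. The helper also refuses absolute names and anything containing "..". All names here (proxy_open, proxy_demo, the export directory created under /tmp and the "evil" symlink in it) are constructed for the example and assume a Linux or other POSIX host. The caveat a practitioner should keep in mind: O_NOFOLLOW only covers the last path component, so it is the chroot, not the flag, that stops an intermediate symlink from escaping the export; run without root, the fallback in this demo does not provide that.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

union cbuf { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; };

/* Helper -> client reply: an open descriptor (SCM_RIGHTS) or a -errno. */
static int send_fd(int sock, int fd, int err)
{
    struct iovec iov = { .iov_base = &err, .iov_len = sizeof(err) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    union cbuf u = { { 0 } };
    if (fd >= 0) {                            /* attach the descriptor */
        struct cmsghdr *c;
        msg.msg_control = u.buf; msg.msg_controllen = sizeof(u.buf);
        c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) < 0 ? -1 : 0;
}

/* Client side of the reply: the received fd, or the helper's -errno. */
static int recv_fd(int sock)
{
    int err = 0, fd;
    struct iovec iov = { .iov_base = &err, .iov_len = sizeof(err) };
    union cbuf u = { { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c;
    if (recvmsg(sock, &msg, 0) <= 0) return -EIO;
    if (err < 0) return err;
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -EIO;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Privileged helper: confine itself to the export, serve one open(), exit.
 * chroot() is what keeps symlink resolution inside the export; it needs root,
 * so run as an ordinary user this demo carries on with chdir() only. */
static void helper_serve(int sock, const char *export)
{
    char path[4096]; ssize_t n; int fd;
    if (chdir(export) < 0) { send_fd(sock, -1, -errno); _exit(1); }
    if (chroot(".") == 0 && chdir("/") < 0) _exit(1);
    if ((n = read(sock, path, sizeof(path) - 1)) <= 0) _exit(1);
    path[n] = '\0';
    /* Export-relative names only; ".." anywhere is refused (crude: also rejects "a..b"). */
    if (path[0] == '/' || strstr(path, "..")) { send_fd(sock, -1, -EACCES); _exit(0); }
    /* O_NOFOLLOW: a symlink as the final component fails with ELOOP. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    send_fd(sock, fd, fd < 0 ? -errno : 0);
    _exit(0);
}

/* Unprivileged side: spawn the helper for the export, ask it to open path.
 * Returns an open descriptor, or -errno. */
int proxy_open(const char *export, const char *path)
{
    int sv[2], r; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -errno;
    if ((pid = fork()) < 0) { r = -errno; close(sv[0]); close(sv[1]); return r; }
    if (pid == 0) { close(sv[0]); helper_serve(sv[1], export); _exit(1); }
    close(sv[1]);
    r = write(sv[0], path, strlen(path)) < 0 ? -errno : recv_fd(sv[0]);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return r;
}

/* Constructed scenario: an export dir under /tmp with hello.txt and a symlink
 * "evil" -> /etc/passwd. Returns 0 when the regular file opens and the
 * symlink, an absolute path and a ".." path are all refused. */
int proxy_demo(void)
{
    char dir[] = "/tmp/proxyfs-demo-XXXXXX", p[4200];
    int fd, ok = 1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(p, sizeof(p), "%s/hello.txt", dir);
    fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "hi\n", 3) != 3) return -1;
    close(fd);
    snprintf(p, sizeof(p), "%s/evil", dir);
    if (symlink("/etc/passwd", p) < 0) return -1;
    fd = proxy_open(dir, "hello.txt");
    if (fd >= 0) close(fd); else ok = 0;
    if (proxy_open(dir, "evil") != -ELOOP) ok = 0;
    if (proxy_open(dir, "/etc/passwd") != -EACCES) ok = 0;
    if (proxy_open(dir, "../../etc/passwd") != -EACCES) ok = 0;
    unlink(p); snprintf(p, sizeof(p), "%s/hello.txt", dir); unlink(p);
    rmdir(dir);
    return ok ? 0 : 1;
}
```

proxy_open() forks a fresh helper per request to keep the example short; the design the cover letter sketches starts the privileged helper once and keeps the socket open, which is also what lets the helper drop into the chroot before QEMU itself gives up root.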