From: "M. Mohan Kumar"
Date: Fri, 9 Dec 2011 20:17:32 +0530
Subject: Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
To: Stefan Hajnoczi
Cc: "M. Mohan Kumar", qemu-devel@nongnu.org, aneesh.kumar@linux.vnet.ibm.com
Message-Id: <201112092017.34127.mohan@in.ibm.com>
In-Reply-To: <20111208174633.GA20998@stefanha-thinkpad.localdomain>
References: <1323101930-27163-1-git-send-email-mohan@in.ibm.com> <20111208174633.GA20998@stefanha-thinkpad.localdomain>

On Thursday, December 08, 2011 11:16:33 PM Stefan Hajnoczi wrote:
> On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> > From: "M. Mohan Kumar"
> >
> > Pass-through security model in QEMU 9p server needs root privilege to do
> > few file operations (like chown, chmod to any mode/uid:gid). There are
> > two issues in pass-through security model
> >
> > 1) TOCTTOU vulnerability: Following symbolic links in the server could
> > provide access to files beyond 9p export path.
> >
> > 2) Running QEMU with root privilege could be a security issue.
> >
> > To overcome above issues, following approach is used: A new filesystem
> > type 'proxy' is introduced. Proxy FS uses chroot + socket combination
> > for securing the vulnerability known with following symbolic links.
> > Intention of adding a new filesystem type is to allow qemu to run
> > in non-root mode, but doing privileged operations using socket IO.
>
> Fails to build against qemu.git/master (217bfb4):
>
> CC libhw64/9pfs/virtio-9p-proxy.o
> hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’ specified in initializer
> hw/9pfs/virtio-9p-proxy.c:1195:5: warning: initialization from incompatible pointer type [enabled by default]
> hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for ‘proxy_ops.init’) [enabled by default]
>
> Is this against another public tree?
>

Sorry, it depends on Aneesh's patch "Move opt validation to FsDriver callback"

http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00275.html
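
An added example, not part of this mail or of the QEMU patch series, illustrating the symlink TOCTTOU issue described in the quoted cover letter. It uses a different technique from the series' chroot + socket design: a hypothetical `open_beneath()` helper walks the path with `openat()` and `O_NOFOLLOW` so a symlink is refused at the moment of use. The `demo()` scenario and its paths are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not QEMU code): open relpath below rootfd one
 * component at a time. O_NOFOLLOW makes the kernel reject a symlink at the
 * moment of use, so a link swapped in after a check cannot redirect us. */
int open_beneath(int rootfd, const char *relpath, int flags)
{
    char buf[4096], *save = NULL, *comp, *next;
    int dirfd, fd;
    if (strlen(relpath) >= sizeof(buf)) return -1;
    strcpy(buf, relpath);
    if ((dirfd = dup(rootfd)) < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        fd = strcmp(comp, "..") == 0 ? -1 :   /* never climb out of the export */
             openat(dirfd, comp, O_NOFOLLOW | (next ? O_RDONLY | O_DIRECTORY : flags));
        close(dirfd);
        if (fd < 0) return -1;
        dirfd = fd;
    }
    return dirfd; /* an empty path yields the export root itself */
}

/* Constructed scenario: an export directory holding a regular file and a
 * symlink that points outside it. Returns 1 if only the file opens. */
int demo(void)
{
    char dir[] = "/tmp/exportXXXXXX", file[64], lnk[64];
    int rootfd, ok, esc, dots;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof(file), "%s/data", dir);
    snprintf(lnk, sizeof(lnk), "%s/link", dir);
    if ((rootfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    close(open(file, O_CREAT | O_WRONLY, 0600));
    if (symlink("/etc", lnk) != 0) return -1;
    ok = open_beneath(rootfd, "data", O_RDONLY);
    esc = open_beneath(rootfd, "link/passwd", O_RDONLY);    /* via symlink */
    dots = open_beneath(rootfd, "../etc/passwd", O_RDONLY); /* via ".." */
    if (ok >= 0) close(ok);
    close(rootfd); unlink(file); unlink(lnk); rmdir(dir);
    return ok >= 0 && esc < 0 && dots < 0;
}

int main(void) { printf("escape blocked: %d\n", demo()); return 0; }
```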