On Fri, Aug 21, 2015 at 11:10:31PM -0700, Alex Wang wrote:
> This commit relaxes the whitelist format for punix path for
> service controller.  Instead of only allowing
> punix:<ovs_rundir>/<bridge_name>.controller, the new format
> allows any suffix, like punix:<ovs_rundir>/<bridge_name>.*.
> 
> Signed-off-by: Alex Wang <al...@nicira.com>

I think there's still a bit of an issue here.  The goal here for punix
sockets is to avoid allowing a file to be overwritten.  I think that
requires both ensuring that the correct directory is in use and that
there are no .. components in the path.  One effective way to do the
latter would be to make sure that there are no slashes following the
directory.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
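
The check suggested in the reply above, as an added example that is not part of the original thread and is not Open vSwitch's own code. The function names, the run directory and the bridge name are assumptions made for illustration; it compares a prefix-only whitelist with one that also rejects any slash after the directory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not Open vSwitch functions. */

/* Prefix-only whitelist: accepts punix:<rundir>/<bridge>.<anything>. */
static bool
prefix_only_ok(const char *target, const char *rundir, const char *bridge)
{
    char prefix[256];
    int n = snprintf(prefix, sizeof prefix, "punix:%s/%s.", rundir, bridge);

    return n > 0 && (size_t) n < sizeof prefix
           && !strncmp(target, prefix, (size_t) n);
}

/* Same prefix check plus the rule from the reply: no '/' may follow the
 * directory, so the suffix cannot hold a ".." component or a subdirectory. */
static bool
punix_target_ok(const char *target, const char *rundir, const char *bridge)
{
    /* Offset of the first character after "punix:<rundir>/". */
    size_t dir_len = strlen("punix:") + strlen(rundir) + 1;

    return prefix_only_ok(target, rundir, bridge)
           && !strchr(target + dir_len, '/');
}

int
main(void)
{
    /* Constructed sample values: assumed run directory and bridge name. */
    const char *rundir = "/var/run/openvswitch";
    const char *targets[] = {
        "punix:/var/run/openvswitch/br0.controller",
        "punix:/var/run/openvswitch/br0.mgmt",
        "punix:/var/run/openvswitch/br0.x/../../../tmp/f",
        "punix:/tmp/br0.controller",
    };

    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        printf("%-50s prefix-only=%d no-slash=%d\n", targets[i],
               prefix_only_ok(targets[i], rundir, "br0"),
               punix_target_ok(targets[i], rundir, "br0"));
    }
    return 0;
}
```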
