On Tue, Feb 02, 2016 at 05:56:35PM -0800, Daniele Di Proietto wrote: > This check prevents an obvious way for a vhost-user socket to escape the > intended directory. > > There might be other ways to escape the directory (none comes to mind at > the moment), but this is a problem that should be properly solved by > mandatory access control. > > A similar check is done for a bridge name, since that name is used as > part of a socket as well. > > Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
I am not sure whether the restriction for .. is necessary. Do you have something in mind there? I think that we should restrict \ as well as /, in case we support DPDK on Windows someday. Do we have a place to document this restriction? _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
