On 03/02/2016 14:47, "Ben Pfaff" <b...@ovn.org> wrote:
>On Tue, Feb 02, 2016 at 05:56:35PM -0800, Daniele Di Proietto wrote:
>> This check prevents an obvious way for a vhost-user socket to escape the
>> intended directory.
>>
>> There might be other ways to escape the directory (none comes to mind at
>> the moment), but this is a problem that should be properly solved by
>> mandatory access control.
>>
>> A similar check is done for a bridge name, since that name is used as
>> part of a socket as well.
>>
>> Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
>
>I am not sure whether the restriction for .. is necessary. Do you have
>something in mind there?

The difference between here and the bridge management socket is that
here we have no suffix. A vhost user port named .. should have a socket
in "/var/run/openvswitch/.."

It will not be possible to create a socket like this nor to remove the
directory (I believe unlink should refuse to remove directories), but I
thought it was better to check for this and fail early with a better
error message rather than try to create/unlink an invalid path.

Now that I think about it the name "." has the same problem.

What do you think?

>
>I think that we should restrict \ as well as /, in case we support DPDK
>on Windows someday.

Good point, I'll include that.

>
>Do we have a place to document this restriction?

I'll include something in INSTALL.DPDK.md. I didn't find anything specific
to vhostuser in the database.

Thanks for the review
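The name check discussed in this thread, written out as an added example; it is not the patch under review and not Open vSwitch code. The function names are hypothetical, and the sun_path length check is an extra assumption beyond what the thread covers.

```c
#include <stdio.h>
#include <string.h>
#include <sys/un.h>

/* Directory named in the message above; function names are hypothetical. */
#define SOCK_DIR "/var/run/openvswitch"

/* Returns NULL if 'name' is usable as a single file name under SOCK_DIR,
 * otherwise a static string saying why it is rejected. */
const char *
port_name_reject_reason(const char *name)
{
    if (!name || name[0] == '\0') {
        return "empty name";
    }
    /* "." and ".." resolve to the socket directory and its parent. */
    if (!strcmp(name, ".") || !strcmp(name, "..")) {
        return "name is a directory reference";
    }
    /* '/' separates path components; '\\' does the same on Windows. */
    if (strpbrk(name, "/\\")) {
        return "name contains a path separator";
    }
    return NULL;
}

/* Builds SOCK_DIR/name into 'path'.  Returns 0 on success, -1 if the name
 * is rejected or the result would not fit in sockaddr_un.sun_path. */
int
build_sock_path(const char *name, char *path, size_t size)
{
    size_t max = sizeof(((struct sockaddr_un *) 0)->sun_path);
    int n;

    if (port_name_reject_reason(name)) {
        return -1;
    }
    n = snprintf(path, size, "%s/%s", SOCK_DIR, name);
    return (n < 0 || (size_t) n >= size || (size_t) n >= max) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "vhost0", "..", ".", "../x", "a\\b", "..vhost" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *why = port_name_reject_reason(names[i]);
        printf("%-8s -> %s\n", names[i], why ? why : "ok");
    }
    return 0;
}
```

A name such as "..vhost" passes, because only the exact names "." and ".." refer to directories.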