On Thu, Feb 04, 2016 at 03:42:34AM +0000, Daniele Di Proietto wrote:
>
> On 03/02/2016 14:47, "Ben Pfaff" <b...@ovn.org> wrote:
>
> >On Tue, Feb 02, 2016 at 05:56:35PM -0800, Daniele Di Proietto wrote:
> >> This check prevents an obvious way for a vhost-user socket to escape the
> >> intended directory.
> >>
> >> There might be other ways to escape the directory (none comes to mind at
> >> the moment), but this is a problem that should be properly solved by
> >> mandatory access control.
> >>
> >> A similar check is done for a bridge name, since that name is used as
> >> part of a socket as well.
> >>
> >> Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
> >
> >I am not sure whether the restriction for .. is necessary. Do you have
> >something in mind there?
>
> The difference between here and the bridge management socket is that here
> we have no suffix. A vhost user port named .. should have a socket in
> "/var/run/openvswitch/.."
>
> It will not be possible to create a socket like this nor to remove the
> directory (I believe unlink should refuse to remove directories), but I
> thought it was better to check for this and fail early with a better
> error message rather than try to create/unlink an invalid path.
>
> Now that I think about it the name "." has the same problem.
>
> What do you think?

I think that both unlink and bind for . and .. will yield an error, and I think that the cause will be pretty obvious, so I don't see a need for the special case.
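
The bind/unlink behaviour discussed in this thread can be checked directly. The following is an added example, not code from the thread or from Open vSwitch; the scratch directory under /tmp and the port name "vhost0" are constructed stand-ins for the real socket directory and a normal port name.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Scratch directory standing in for the vhost-user socket directory. */
static int make_sock_dir(char *buf, size_t len)
{
    snprintf(buf, len, "/tmp/vhost-demo-XXXXXX");
    return mkdtemp(buf) ? 0 : -1;
}

/* Bind an AF_UNIX socket at <dir>/<name>; returns 0 or the errno. */
static int try_bind(const char *dir, const char *name)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, err = 0;

    if (snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name)
        >= (int) sizeof sa.sun_path) return ENAMETOOLONG;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return errno;
    if (bind(fd, (struct sockaddr *) &sa, sizeof sa) < 0) {
        err = errno;    /* Linux reports EADDRINUSE for "." and "..". */
    }
    close(fd);
    return err;
}

/* Unlink <dir>/<name>; returns 0 or the errno. */
static int try_unlink(const char *dir, const char *name)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return unlink(path) < 0 ? errno : 0;  /* Linux: EISDIR for a directory. */
}

int main(void)
{
    const char *names[] = { ".", "..", "vhost0" };
    char dir[64];
    if (make_sock_dir(dir, sizeof dir)) return 1;
    for (int i = 0; i < 3; i++) {
        int b = try_bind(dir, names[i]), u = try_unlink(dir, names[i]);
        printf("%-6s bind: %s, unlink: %s\n", names[i], strerror(b), strerror(u));
    }
    return rmdir(dir) ? 1 : 0;
}
```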