Ben Pfaff <[email protected]> writes:

> On Tue, Mar 29, 2016 at 06:04:44AM +0000, Wojciechowicz, RobertX wrote:
>> > -----Original Message-----
>> > From: dev [mailto:[email protected]] On Behalf Of Aaron
>> > Conole
>> > Sent: Monday, March 28, 2016 8:55 PM
>> > To: [email protected]
>> > Cc: Flavio Leitner <[email protected]>
>> > Subject: Re: [ovs-dev] [PATCH v10 0/6] Convert DPDK configuration from
>> > command line to DB based
>> >
>> > Hi (and apologies if the top posting is inappropriate),
>> >
>> > Don't want to be a pest, but just pinging re: this series. What work
>> > remains? I want to try and close this out to do some additional
>> > vhostuser config work, so anything that might be gating this please let
>> > me know and I'll work on it.
>> >
>>
>> Please remember to add "vhost-sock-dir" to the database,
>> even if there will be used the default directory (no command line value).
>
> I'm nervous about adding unrestricted directory names to the database,
> because they could allow a remote database user to write to arbitrary
> places in the file system.

I see your point here. Is there a suggested mechanism to resolve this?
What if we had a scheme like:

  ovs_rundir() + dboption

where we scrubbed dboption for '..' characters.

Since I'm in this area right now doing the change, I don't mind altering
this scheme, but it does slightly change the semantic of the option so
I'd want to hear from folks before making said scheme change.

Thanks,
-Aaron
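
An added example (not part of the original message and not Open vSwitch code) of the `ovs_rundir() + dboption` scheme discussed above: it rejects a value that contains a `..` component instead of stripping it, then resolves symlinks and checks that the result is still under the base directory. The function names are hypothetical, and `base` is assumed to be the string that `ovs_rundir()` returns.

```c
#define _XOPEN_SOURCE 700 /* realpath(), PATH_MAX */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lexical check on the database-supplied value: it must be relative and
 * must not contain a ".." component.  Whole components are compared, so a
 * directory named "a..b" is still accepted. */
static bool subdir_is_clean(const char *sub)
{
    if (!sub || sub[0] == '/') {
        return false;
    }
    for (const char *p = sub; *p; p += strspn(p, "/")) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            return false;
        }
        p += n;
    }
    return true;
}

/* 'base' stands in for the string ovs_rundir() returns (assumption); 'sub'
 * is the database option.  Resolves symlinks with realpath(), so the
 * directory must already exist, and accepts only a result equal to or
 * below 'base'.  'out' must have room for PATH_MAX bytes. */
bool confine_to_rundir(const char *base, const char *sub, char *out)
{
    char joined[PATH_MAX], real_base[PATH_MAX];
    int n;

    if (!subdir_is_clean(sub)) {
        return false;
    }
    n = snprintf(joined, sizeof joined, "%s/%s", base, sub);
    if (n < 0 || (size_t) n >= sizeof joined
        || !realpath(base, real_base) || !realpath(joined, out)) {
        return false;
    }
    size_t len = strlen(real_base);
    /* The prefix must end on a component boundary ("/base" must not match
     * "/base-other").  realpath() leaves a trailing '/' only on "/". */
    return !strncmp(out, real_base, len)
           && (out[len] == '\0' || out[len] == '/' || real_base[len - 1] == '/');
}
```

The lexical check alone does not cover a symlink placed inside the run directory; the `realpath()` comparison is what catches that case.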
