Ben Pfaff <b...@ovn.org> writes: > On Tue, Mar 29, 2016 at 06:04:44AM +0000, Wojciechowicz, RobertX wrote: >> > -----Original Message----- >> > From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Aaron >> > Conole >> > Sent: Monday, March 28, 2016 8:55 PM >> > To: dev@openvswitch.org >> > Cc: Flavio Leitner <f...@sysclose.org> >> > Subject: Re: [ovs-dev] [PATCH v10 0/6] Convert DPDK configuration from >> > command line to DB based >> > >> > Hi (and apologies if the top posting is inappropriate), >> > >> > Don't want to be a pest, but just pinging re: this series. What work >> > remains? I want to try and close this out to do some additional >> > vhostuser config work, so anything that might be gating this please let >> > me know and I'll work on it. >> > >> >> Please remember to add "vhost-sock-dir" to the database, >> even if there will be used the default directory (no command line value). > > I'm nervous about adding unrestricted directory names to the database, > because they could allow a remote database user to write to arbitrary > places in the file system.
I see your point here. Is there a suggested mechanism to resolve this? What if we had a scheme like: ovs_rundir() + dboption where we scrubbed dboption for '..' characters. Since I'm in this area right now doing the change, I don't mind altering this scheme, but it does slightly change the semantic of the option so I'd want to hear from folks before making said scheme change. Thanks, -Aaron _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
