On 05/05/2017 09:37 AM, Greg Kurz wrote:
> When using the mapped-file security mode, we shouldn't let the client
> mess with the metadata. The current code already hides it but the
> client can still access the metadata through several operations.
>
> This patch fixes the issue by:
> - preventing the creation of fids pointing to the metadata (name_to_path)
> - failing various operations taking a dirpath and a name arguments if
> name is a metadata reserved name
>
> Signed-off-by: Greg Kurz <gr...@kaod.org>
> ---
> hw/9pfs/9p-local.c | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> index b427d2928800..93cadac302c9 100644
> --- a/hw/9pfs/9p-local.c
> +++ b/hw/9pfs/9p-local.c
> @@ -588,6 +588,11 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> *dir_path,
> int err = -1;
> int dirfd;
>
> + if (local_must_skip_metadata(fs_ctx, name)) {
> + errno = EINVAL;
> + return -1;
> + }
> +I don't know if EINVAL is the best error, but it seems reasonable enough. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
