On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar <mo...@in.ibm.com> wrote:
> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
>
> In passthrough security model, following a symbolic link in the server
> side could result in TOCTTOU vulnerability.
>
> Use clone system call to create a thread which runs in chrooted
> environment. All passthrough model file operations are done from this
> thread to avoid TOCTTOU vulnerability.

How will chroot(2) work when QEMU runs as non-root (i.e. secure
production environments)?

Stefan