On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote:
On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar<mo...@in.ibm.com>  wrote:
[RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability

In passthrough security model, following a symbolic link in the server
side could result in TOCTTOU vulnerability.

Use clone system call to create a thread which runs in chrooted
environment. All passthrough model file operations are done from this
thread to avoid TOCTTOU vulnerability.
How will chroot(2) work when QEMU runs as non-root (i.e. secure
production environments)?

This is used only in passthrough mode; passthrough mode needs root access by design. There is no TOCTTOU vulnerability in mapped mode as symlinks are not actual symlinks on host FS.

JV

Stefan


Reply via email to