On 06/15/2011 10:35 AM, Stefan Hajnoczi wrote:
> On Tue, Jun 14, 2011 at 9:12 AM, M. Mohan Kumar <mo...@in.ibm.com> wrote:
>> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability
>>
>> In passthrough security model, following a symbolic link in the server
>> side could result in TOCTTOU vulnerability.
>>
>> Use clone system call to create a thread which runs in chrooted
>> environment. All passthrough model file operations are done from this
>> thread to avoid TOCTTOU vulnerability.
> How will chroot(2) work when QEMU runs as non-root (i.e. secure
> production environments)?
This is used only in passthrough mode; passthrough mode needs root
access by design.
There is no TOCTTOU vulnerability in mapped mode as symlinks are not
actual symlinks on host FS.
JV
> Stefan
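The confinement idea in the quoted patch description, written out as a small added example (not code from the QEMU patch or from anyone on this thread): a worker task is created with clone(2) without CLONE_FS, chroot(2)s into the export root, and only then opens the guest-supplied path, so a symlink the guest plants cannot resolve outside the export and the check-then-use race on the server side stops mattering. To keep the example short it uses a fork-style clone (SIGCHLD only, private memory) rather than the CLONE_VM thread variant the patch describes; the root-confinement mechanism is the same. It also shows the point Stefan raises: without CAP_SYS_CHROOT the worker fails closed with EXPORT_NO_PRIV instead of silently falling back to an unconfined open. The export directory, the file hello.txt, the symlink "leak" and all function names are constructed for this demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum { EXPORT_OK = 0, EXPORT_NO_PRIV = 1, EXPORT_OPEN_FAILED = 2 };

struct request {
    const char *export_root; /* host directory exported to the guest */
    const char *guest_path;  /* path named by the guest, relative to the export */
    int pipe_wr;             /* worker streams the file contents here */
};

/* Body of the cloned worker. It pins its own root to the export before
 * touching the guest-supplied path, so any symlink target resolves inside
 * the export; the parent's root is untouched because CLONE_FS is not set. */
static int confined_worker(void *arg)
{
    struct request *rq = arg;
    if (chroot(rq->export_root) != 0 || chdir("/") != 0)
        return errno == EPERM ? EXPORT_NO_PRIV : EXPORT_OPEN_FAILED; /* fail closed */
    int fd = open(rq->guest_path, O_RDONLY);
    if (fd < 0)
        return EXPORT_OPEN_FAILED;
    char buf[256];
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        if (write(rq->pipe_wr, buf, (size_t)n) != n)
            break;
    close(fd);
    return EXPORT_OK;
}

/* Serve one read request through a fresh confined worker. Returns an
 * EXPORT_* code; the data (NUL-terminated, truncated to outlen) lands in out. */
int open_in_export(const char *export_root, const char *guest_path,
                   char *out, size_t outlen)
{
    enum { STACK_SIZE = 64 * 1024 };
    int pfd[2];
    if (pipe(pfd) != 0)
        return EXPORT_OPEN_FAILED;
    char *stack = malloc(STACK_SIZE);
    if (!stack) { close(pfd[0]); close(pfd[1]); return EXPORT_OPEN_FAILED; }
    struct request rq = { export_root, guest_path, pfd[1] };
    /* Fork-style clone: private memory and a private fs root (no CLONE_FS). */
    pid_t pid = clone(confined_worker, stack + STACK_SIZE, SIGCHLD, &rq);
    close(pfd[1]);
    size_t used = 0;
    char drain[256];
    for (;;) {
        size_t room = outlen - used - 1;
        ssize_t n = read(pfd[0], room ? out + used : drain, room ? room : sizeof drain);
        if (n <= 0) break;
        if (room) used += (size_t)n;
    }
    out[used] = '\0';
    close(pfd[0]);
    int status = 0, rc = EXPORT_OPEN_FAILED;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    free(stack);
    return rc;
}

/* Constructed sample export: one regular file plus a symlink whose absolute
 * target lies outside the export on the real host (a guest-planted escape). */
static int make_demo_export(char *root, size_t rootlen)
{
    snprintf(root, rootlen, "/tmp/p9-export-XXXXXX");
    if (!mkdtemp(root))
        return -1;
    char path[256];
    snprintf(path, sizeof path, "%s/hello.txt", root);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0 || write(fd, "guest data\n", 11) != 11)
        return -1;
    close(fd);
    snprintf(path, sizeof path, "%s/leak", root);
    return symlink("/etc/hostname", path);
}

static void remove_demo_export(const char *root)
{
    char path[256];
    snprintf(path, sizeof path, "%s/hello.txt", root); unlink(path);
    snprintf(path, sizeof path, "%s/leak", root);      unlink(path);
    rmdir(root);
}

/* Plain file inside the export: EXPORT_OK with "guest data\n" when privileged. */
int demo_regular_file(char *content, size_t len)
{
    char root[64];
    if (make_demo_export(root, sizeof root) != 0)
        return EXPORT_OPEN_FAILED;
    int rc = open_in_export(root, "hello.txt", content, len);
    remove_demo_export(root);
    return rc;
}

/* Symlink to /etc/hostname: inside the chroot that target does not exist, so the
 * confined open fails (EXPORT_OPEN_FAILED) instead of reading the host's file. */
int demo_symlink_escape(void)
{
    char root[64], content[64];
    if (make_demo_export(root, sizeof root) != 0)
        return EXPORT_OPEN_FAILED;
    int rc = open_in_export(root, "leak", content, sizeof content);
    remove_demo_export(root);
    return rc;
}

int main(void)
{
    char content[64];
    int rc = demo_regular_file(content, sizeof content);
    printf("regular file:   rc=%d %s", rc, rc == EXPORT_OK ? content : "\n");
    printf("symlink escape: rc=%d (2 = refused inside chroot, 1 = no CAP_SYS_CHROOT)\n",
           demo_symlink_escape());
    return 0;
}
```

Run it as root to see the confinement work (rc 0 for hello.txt, rc 2 for the symlink); as an unprivileged user both requests return 1, which is the behaviour the reply above describes: passthrough needs root by design, and the worker must not degrade to an unconfined open when it cannot chroot.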