On Sun, Jun 26, 2011 at 09:22:27PM +0300, Blue Swirl wrote:
> On Fri, Jun 24, 2011 at 11:22 AM, M. Mohan Kumar <mo...@in.ibm.com> wrote:
> > In passthrough security model, following symbolic links in the server
> > side could result in TOCTTOU vulnerabilities.
> > (http://en.wikipedia.org/wiki/Time-of-check-to-time-of-use)
> >
> > This patchset resolves this issue by creating a dedicated process which
> > chroots into the share path and all file object access is done in the
> > chroot environment.
> >
> > This patchset implements chroot environment, provides necessary functions
> > that can be used by the passthrough function calls.
>
> This could be interesting also for privilege separation. A helper
> process like this could access and reopen the image files etc. while
> the rest of QEMU could run in a jail.

As of now this is not a generic helper, it's meant for 9p export only. If needed
we can add another process which can be a helper routine for qemu.

> >
> > This patchset is rebased on top of 9p coroutines patches posted to
> > qemu-devel list
> > http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg02796.html
>
> Aren't the coroutines running in same process, so don't they share the
> root? Also the coroutines are implemented in several OS dependent
> ways.
>

Chroot is done in a forked process, so it won't affect others. I mentioned
about co-routines because this patchset is rebased on top of coroutines
patchset that are not yet part of mainline qemu.