* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > While it's not possible to escape the proc filesystem through
> > lo->proc_self_fd, it is possible to escape to the root of the proc
> > filesystem itself through "../..".
> >
> > Use a temporary mount for opening lo->proc_self_fd, that has its root at
> > /proc/self/fd/, preventing access to the ancestor directories.
> >
> > Signed-off-by: Miklos Szeredi <mszer...@redhat.com>
> > ---
> > tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++--
> > 1 file changed, 25 insertions(+), 2 deletions(-)
>
> Good idea!
>
> It's important to note that the proc file system is already mounted
> within a new pid namespace. Therefore the only process visible is our
> own process and we don't need to worry about /proc/$PID. However, there
> are a bunch of other files in /proc. Some of them are protected by
> capability checks like /proc/kcore and virtiofsd is unable to access
> them, but it's hard to guarantee that they are all off limits. Better
> safe than sorry!
>
> Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>

Thanks; I've picked this up.

Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
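
The confinement property discussed in the thread above, as an added example that is not part of the original messages and is not the virtiofsd patch: it checks whether a directory descriptor for /proc/self/fd can resolve "../.." to the proc root, first for a plain open and then for one opened through a temporary, detached bind mount. The helper names `reaches` and `open_confined_proc_self_fd` and the /tmp template are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if `rel`, resolved relative to dirfd, is the same
 * inode as `abs`; 0 if it is another object or unreachable; -1 if no `abs`. */
int reaches(int dirfd, const char *rel, const char *abs)
{
    struct stat want, got;
    if (stat(abs, &want) != 0) return -1;
    int fd = openat(dirfd, rel, O_RDONLY | O_DIRECTORY);
    if (fd < 0)
        return 0;
    int same = fstat(fd, &got) == 0 &&
               got.st_dev == want.st_dev && got.st_ino == want.st_ino;
    close(fd);
    return same;
}

/* Hypothetical helper: open /proc/self/fd through a temporary bind mount
 * whose root is that directory, then lazily detach the mount so ".." at its
 * root has no parent to walk to. Needs CAP_SYS_ADMIN in the current mount
 * namespace; returns -1 when the mount is not permitted. */
int open_confined_proc_self_fd(void)
{
    char tmpl[] = "/tmp/procfd-XXXXXX";   /* constructed path for this sketch */
    char *dir = mkdtemp(tmpl);
    if (!dir) return -1;
    int fd = -1;
    if (mount("/proc/self/fd", dir, NULL, MS_BIND, NULL) == 0) {
        fd = open(dir, O_RDONLY | O_DIRECTORY);
        umount2(dir, MNT_DETACH);
    }
    rmdir(dir);
    return fd;
}

int main(void)
{
    int plain = open("/proc/self/fd", O_RDONLY | O_DIRECTORY);
    printf("plain fd reaches /proc: %d\n", reaches(plain, "../..", "/proc"));
    int conf = open_confined_proc_self_fd();
    if (conf >= 0)
        printf("confined fd reaches /proc: %d\n", reaches(conf, "../..", "/proc"));
    return 0;
}
```

Run unprivileged, only the first line is printed; with mount privileges the second line shows the confined descriptor staying inside its own root.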