On Thursday, December 08, 2011 11:16:33 PM Stefan Hajnoczi wrote:
> On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> > From: "M. Mohan Kumar" <mo...@in.ibm.com>
> >
> > Pass-through security model in QEMU 9p server needs root privilege to do
> > few file operations (like chown, chmod to any mode/uid:gid). There are
> > two issues in pass-through security model
> >
> > 1) TOCTTOU vulnerability: Following symbolic links in the server could
> > provide access to files beyond 9p export path.
> >
> > 2) Running QEMU with root privilege could be a security issue.
> >
> > To overcome above issues, following approach is used: A new filesystem
> > type 'proxy' is introduced. Proxy FS uses chroot + socket combination
> > for securing the vulnerability known with following symbolic links.
> > Intention of adding a new filesystem type is to allow qemu to run
> > in non-root mode, but doing privileged operations using socket IO.
>
> Fails to build against qemu.git/master (217bfb4):
>
> CC libhw64/9pfs/virtio-9p-proxy.o
> hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’ specified in initializer
> hw/9pfs/virtio-9p-proxy.c:1195:5: warning: initialization from incompatible pointer type [enabled by default]
> hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for ‘proxy_ops.init’) [enabled by default]
>
> Is this against another public tree?

Sorry, it depends on Aneesh's patch "Move opt validation to FsDriver callback" http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00275.html
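
The chroot + socket split described in the quoted commit message, as an added example that is not part of the thread or of the patch series: a helper confines itself to the export with chroot and performs chmod on behalf of a client that talks to it over a socketpair. The names `start_helper`, `proxy_chmod` and `struct chmod_req` are hypothetical, and the sketch assumes Linux, a process started as root, and a client that drops privileges after `start_helper` returns.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed wire format (hypothetical, not the patch's): one request per datagram. */
struct chmod_req { mode_t mode; char path[256]; };

/* Fork the helper. It chroots into export_dir (needs root) before reading any
 * request, so every path, ".." and symlink target is resolved by the kernel
 * inside the export: there is no separate check that could race with the use. */
int start_helper(const char *export_dir) {
    int sv[2];
    struct chmod_req req;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid > 0) { close(sv[1]); return sv[0]; }    /* caller keeps sv[0] */
    close(sv[0]);
    if (chdir(export_dir) != 0 || chroot(".") != 0) _exit(1);
    while (recv(sv[1], &req, sizeof(req), 0) == (ssize_t)sizeof(req)) {
        req.path[sizeof(req.path) - 1] = '\0';      /* never trust the client */
        int status = chmod(req.path, req.mode) == 0 ? 0 : errno;
        if (send(sv[1], &status, sizeof(status), MSG_NOSIGNAL) < 0) break;
    }
    _exit(0);
}

/* Unprivileged side: 0 on success, an errno value on failure,
 * or -1 if the helper is gone (for example, it could not chroot). */
int proxy_chmod(int sock, const char *path, mode_t mode) {
    struct chmod_req req = { .mode = mode };
    int status;
    if (strlen(path) >= sizeof(req.path)) return ENAMETOOLONG;
    strcpy(req.path, path);
    if (send(sock, &req, sizeof(req), MSG_NOSIGNAL) < 0) return -1;
    if (recv(sock, &status, sizeof(status), 0) != (ssize_t)sizeof(status)) return -1;
    return status;
}
```

A symlink inside the export that points at an absolute path outside it makes the helper's chmod fail with ENOENT, because the target is looked up relative to the chroot.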