On Fri, Feb 10, 2017 at 02:10:17PM +0000, Daniel P. Berrange wrote:
> On Fri, Feb 10, 2017 at 09:07:36AM -0500, John Ferlan wrote:
>> On 02/02/2017 08:14 AM, Martin Kletzander wrote:
>>> With that users could access files outside /dev/shm. That itself
>>> isn't a security problem, but might cause some errors we want to
>>> avoid. So let's forbid slashes as we do with domain and volume names
>>> and also mention that in the schema.
>>>
>>> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496
>>>
>>> Signed-off-by: Martin Kletzander <mkletzan redhat com>
>>> ---
>>> docs/schemas/domaincommon.rng | 6 +++++-
>>> src/qemu/qemu_process.c | 23 +++++++++++++++++++++++
>>> 2 files changed, 28 insertions(+), 1 deletion(-)
>>>
>>
>> This was really familiar... hmm.. oh yeah...
>>
>> Can/should virXMLCheckIllegalChars be used? See commits ae381879f,
>> dc40dd60, and e1b81968
>>
>> Likewise, makes me wonder if the *.rng for all those would need some
>> sort of updating to remove chance that a '\n' exists like you've done
>> here for the '/' character.
>>
>> Secondary of course is should the failure be in Parse rather than
>> checking at startup time?
>
> The fact that we need to forbid '/' due to it being interpreted as a
> path, is an artifact of the QEMU implementation. Other drivers might
> not map the names into file paths. So checking in QEMU driver code is
> correct.

Ping, does this mean ACK?
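
The name-to-path mapping discussed in this thread, as an added example that is not part of the thread, the patch, or libvirt's code: a name joined under /dev/shm without a check next to the same join with '/' rejected. The function names, the sample names, and the empty-name and buffer-length checks are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Directory the thread says shmem names are mapped into. */
#define SHMEM_DIR "/dev/shm"

/* Hypothetical unchecked join: the name is pasted into the path as-is,
 * so "../x" produces a path that resolves outside SHMEM_DIR. */
int shmem_path_unchecked(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", SHMEM_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hypothetical checked join: refuse any name containing '/', so the
 * result is always a direct child of SHMEM_DIR.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
int shmem_path_checked(const char *name, char *out, size_t outlen)
{
    if (name == NULL || out == NULL || outlen == 0)
        return -1;
    if (*name == '\0')              /* assumption: empty names are invalid */
        return -1;
    if (strchr(name, '/') != NULL)  /* the restriction under discussion */
        return -1;
    return shmem_path_unchecked(name, out, outlen);
}

int main(void)
{
    /* Constructed sample names, not taken from the bug report. */
    const char *samples[] = { "shmem0", "../etc/shmem0", "sub/dir", "/tmp/x" };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (shmem_path_unchecked(samples[i], path, sizeof(path)) == 0)
            printf("unchecked %-14s -> %s\n", samples[i], path);
        if (shmem_path_checked(samples[i], path, sizeof(path)) == 0)
            printf("checked   %-14s -> %s\n", samples[i], path);
        else
            printf("checked   %-14s -> rejected\n", samples[i]);
    }
    return 0;
}
```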