On Tue, Dec 10, 2019 at 11:24:44AM +0100, Cornelia Huck wrote:
> On Tue, 10 Dec 2019 10:09:34 +0000
> Daniel P. Berrangé <berrange(a)redhat.com> wrote:
> > On Mon, Dec 09, 2019 at 02:23:38PM -0600, Jonathon Jongsma wrote:
> > > mdevctl also supports assigning arbitrary sysfs attributes to a device.
> > > These attributes have an explicit ordering and are written to sysfs in
> > > the specified order when a device is started. This might be the only
> > > thing that doesn't fit into the current xml format.
> Not sure how much the 'explicit ordering' is actually required by the
> devices currently supporting this. It's probably a good idea to keep
> this, though, as future device types might end up having such a
> requirement.
> > Well we need to define a schema, but there will need to be some kind
> > of validation added because, AFAICT, mdevctl does no validation, so a
> > plain passthrough of this allows arbitrary writing of files anywhere
> > on the host given a suitable malicious attribute name.
> Uh, we really should do something about that in mdevctl as well. Writes
> outside the sysfs hierarchy should not be allowed.
I'm pretty worried about overall safety/reliability of the mdevctl
tool in general. Given that it is written in shell, it is really hard
to ensure that it isn't vulnerable to any shell quoting / meta character
flaws, whether from malicious or accidental data input.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
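
The attribute-name validation discussed in this thread, as an added example that is not part of the original message and is not mdevctl or libvirt code: the function names `resolve_attr` and `write_attr` are hypothetical, and the policy assumed here (the resolved target must be a regular file inside the device's own directory) is stricter than "inside the sysfs hierarchy".

```shell
#!/bin/sh
# Added example (hypothetical helpers, not mdevctl code).
# Every expansion is double-quoted so attribute names and values are never
# word-split or glob-expanded by the shell.

# resolve_attr DEVICE_DIR ATTR_NAME
# Prints the canonical path of the attribute, or returns 1 if it is not allowed.
resolve_attr() (
    dev_dir=$1
    attr=$2

    # Reject empty names, absolute paths and any ".." path component up front.
    case $attr in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac

    # Canonicalise both sides so a symlink cannot carry the write elsewhere.
    base=$(readlink -f -- "$dev_dir") || return 1
    [ -d "$base" ] || return 1
    target=$(readlink -f -- "$base/$attr") || return 1

    # The resolved target must sit below the device directory ...
    case $target in
        "$base"/*) ;;
        *) return 1 ;;
    esac
    # ... and must already exist as a regular file (sysfs attributes do).
    [ -f "$target" ] || return 1

    printf '%s\n' "$target"
)

# write_attr DEVICE_DIR ATTR_NAME VALUE
# Writes VALUE only after the name has passed resolve_attr.
write_attr() (
    path=$(resolve_attr "$1" "$2") || {
        printf 'refusing attribute name: %s\n' "$2" >&2
        return 1
    }
    printf '%s' "$3" > "$path"
)
```

There is still a window between the check and the write, so a caller that cannot trust the directory contents to stay fixed needs more than this path check.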