On Tue, 10 Dec 2019 10:36:36 +0000
Daniel P. Berrangé <berrange(a)redhat.com> wrote:
> On Tue, Dec 10, 2019 at 11:24:44AM +0100, Cornelia Huck wrote:
> > On Tue, 10 Dec 2019 10:09:34 +0000
> > Daniel P. Berrangé <berrange(a)redhat.com> wrote:
> >
> > > On Mon, Dec 09, 2019 at 02:23:38PM -0600, Jonathon Jongsma wrote:
> > > > mdevctl also supports assigning arbitrary sysfs attributes to a device.
> > > > These attributes have an explicit ordering and are written to sysfs in
> > > > the specified order when a device is started. This might be the only
> > > > thing that doesn't fit into the current xml format.
> >
> > Not sure how much the 'explicit ordering' is actually required by the
> > devices currently supporting this. It's probably a good idea to keep
> > this, though, as future device types might end up having such a
> > requirement.
> >
> > > Well we need to define a schema, but there will need to be some kind
> > > of validation added because, AFAICT, mdevctl does no validation, so a
> > > plain passthrough of this allows arbitrary writing of files anywhere
> > > on the host given a suitable malicious attribute name.
> >
> > Uh, we really should do something about that in mdevctl as well. Writes
> > outside the sysfs hierarchy should not be allowed.
>
> I'm pretty worried about overall safety/reliability of the mdevctl
> tool in general. Given that it is written in shell, it is really hard
> to ensure that it isn't vulnerable to any shell quoting / meta character
> flaws, whether from malicious or accidental data input.
I'm not sure I'm trusting myself too much to get that right, either...
review obviously welcome, but this is shell, as you say.
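The confinement the thread asks for (attribute writes must not leave the device's sysfs directory) and the quoting concern about a shell implementation, as an added POSIX sh example that is not mdevctl's code: the attribute name is restricted to a conservative character set (an assumption, not mdevctl's rule), and the target is canonicalised and checked to still lie inside the device directory before anything is written. The directory tree it builds is a constructed stand-in for a sysfs device directory.

```shell
#!/bin/sh
# Added example, not mdevctl's own code: confine sysfs attribute writes
# to the device's own directory so a crafted attribute name cannot reach
# other files on the host. The allowed character set is an assumption.

# is_safe_attr_name NAME: accept only a plain file name, nothing that
# could walk out of the directory or smuggle shell metacharacters.
is_safe_attr_name() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;           # empty, dot dirs, any slash
        *[!A-Za-z0-9_.-]*) return 1 ;;     # anything outside the allowed set
    esac
    return 0
}

# attr_path DEVDIR NAME: print the canonical path of DEVDIR/NAME if, after
# symlink resolution, it is still a regular file inside canonical DEVDIR.
attr_path() {
    is_safe_attr_name "$2" || return 1
    base=$(readlink -f "$1") || return 1
    target=$(readlink -f "$1/$2") || return 1
    case "$target" in
        "$base"/*) ;;                      # stayed inside the device dir
        *) return 1 ;;                     # symlink escaped elsewhere
    esac
    [ -f "$target" ] || return 1
    printf '%s\n' "$target"
}

# write_attr DEVDIR NAME VALUE: the write happens only on a confined path.
write_attr() {
    path=$(attr_path "$1" "$2") || return 1
    printf '%s' "$3" > "$path"
}

# make_demo_tree: constructed stand-in for /sys/bus/mdev/devices/<uuid>
# with one real attribute, a file outside it, and a symlink escaping to it.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/sys/dev" "$demo/outside"
    : > "$demo/sys/dev/good_attr"
    : > "$demo/outside/victim"
    ln -s ../../outside/victim "$demo/sys/dev/escape_link"
    printf '%s\n' "$demo"
}

demo=$(make_demo_tree)
write_attr "$demo/sys/dev" good_attr 1 && echo "good_attr written"
write_attr "$demo/sys/dev" ../../outside/victim 1 || echo "traversal rejected"
write_attr "$demo/sys/dev" escape_link 1 || echo "symlink escape rejected"
```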