
On Fri, Feb 10, 2017 at 02:10:17PM +0000, Daniel P. Berrange wrote:
On Fri, Feb 10, 2017 at 09:07:36AM -0500, John Ferlan wrote:
On 02/02/2017 08:14 AM, Martin Kletzander wrote:
With that users could access files outside /dev/shm. That itself isn't a security problem, but might cause some errors we want to avoid. So let's forbid slashes as we do with domain and volume names and also mention that in the schema.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
 docs/schemas/domaincommon.rng |  6 +++++-
 src/qemu/qemu_process.c       | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
This was really familiar... hmm.. oh yeah...
Can/should virXMLCheckIllegalChars be used?
See commits ae381879f, dc40dd60, and e1b81968
Likewise, makes me wonder if the *.rng for all those would need some sort of updating to remove the chance that a '\n' exists like you've done here for the '/' character.
Secondary of course is should the failure be in Parse rather than checking at startup time?
The fact that we need to forbid '/' due to it being interpreted as a path, is an artifact of the QEMU implementation. Other drivers might not map the names into file paths. So checking in QEMU driver code is correct.
Ping, does this mean ACK?
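The check discussed in this thread, as an added example that is not part of the patch or of libvirt's code: a name is mapped to a path under /dev/shm, first without validation and then with the '/' rejection the commit message proposes. The function names are hypothetical, and refusing empty names, "." and ".." goes beyond what the thread states (an assumption of this example).

```c
#include <stdio.h>
#include <string.h>

#define SHM_DIR "/dev/shm"  /* directory named in the commit message */

/* Unchecked mapping (hypothetical helper): joins the name onto SHM_DIR.
 * A name containing '/' yields a path that can resolve outside SHM_DIR. */
static int shmem_path_naive(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", SHM_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Checked mapping (hypothetical helper): refuse any name containing '/',
 * as the commit message proposes. Refusing empty names, "." and ".." is
 * an extra assumption of this example: they contain no slash but do not
 * name a file inside SHM_DIR either. */
static int shmem_path_checked(const char *name, char *out, size_t outlen)
{
    if (name == NULL || *name == '\0')
        return -1;
    if (strchr(name, '/') != NULL)
        return -1;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;
    return shmem_path_naive(name, out, outlen);
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    const char *samples[] = { "my-shmem", "../../tmp/other", "a/b", "..", "" };
    char path[256];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = shmem_path_checked(samples[i], path, sizeof(path));
        printf("%-18s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Because the mapping to a file path is done only in this driver-side helper, the check sits next to it, which matches the point made in the thread that other drivers might not map names into paths at all.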