On Mon, Mar 01, 2021 at 05:27:28PM +0000, Stefan Hajnoczi wrote:
> World-writeable directories have security issues. Avoid showing them in
> the documentation since someone might accidentally use them in
> situations where they are insecure.
>
> There tend to be 3 security problems:
> 1. Denial of service. An adversary may be able to create the file
>    beforehand, consume all space/inodes, etc to sabotage us.
> 2. Impersonation. An adversary may be able to create a listen socket and
>    accept incoming connections that were meant for us.
> 3. Unauthenticated client access. An adversary may be able to connect to
>    us if we did not set the uid/gid and permissions correctly.
>
> These can be prevented or mitigated with private /tmp, carefully setting
> the umask, etc but that requires special action and does not apply to
> all situations. Just avoid using /tmp in examples.
>
> Reported-by: Richard W.M. Jones <[email protected]>
> Reported-by: Daniel P. Berrangé <[email protected]>
> Signed-off-by: Stefan Hajnoczi <[email protected]>
> ---
>  docs/tools/qemu-storage-daemon.rst | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)

Reviewed-by: Daniel P. Berrangé <[email protected]>

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
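
The mitigations named in the quoted commit message (a private directory and a restrictive umask), as an added Python example that is not part of this thread or of QEMU. The function names and the socket file name are hypothetical, and only the socket's immediate directory is checked.

```python
import os
import socket
import stat
import tempfile


def socket_dir_problems(dirpath):
    """Return reasons why dirpath is unsafe for a UNIX listen socket."""
    st = os.stat(dirpath)
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != os.geteuid():
        problems.append("owned by another user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Other users could pre-create or replace the socket path
        # (problems 1 and 2 in the commit message).
        problems.append("writable by group or others")
    return problems


def listen_private(path, backlog=1):
    """Bind a UNIX socket at path only if its directory is private."""
    dirpath = os.path.dirname(os.path.abspath(path))
    problems = socket_dir_problems(dirpath)
    if problems:
        raise PermissionError(f"{dirpath}: " + ", ".join(problems))
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o077)  # no group/other bits on the socket (problem 3)
    try:
        sock.bind(path)  # raises EADDRINUSE if the path already exists
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    sock.listen(backlog)
    return sock


if __name__ == "__main__":
    # Constructed demo: a fresh 0700 directory versus a world-writable one.
    private = tempfile.mkdtemp(prefix="private-")
    shared = tempfile.mkdtemp(prefix="shared-")
    os.chmod(shared, 0o1777)
    srv = listen_private(os.path.join(private, "example.sock"))
    print("listening:", srv.getsockname())
    try:
        listen_private(os.path.join(shared, "example.sock"))
    except PermissionError as exc:
        print("refused:", exc)
```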
