On Thursday, December 08, 2011 11:16:33 PM Stefan Hajnoczi wrote:
> On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> > From: "M. Mohan Kumar"
> >
> > Pass-through security model in QEMU 9p server needs root privilege to do
> > few file operations (like chown, chmod to any mode/ui
On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> From: "M. Mohan Kumar"
>
> Pass-through security model in QEMU 9p server needs root privilege to do
> few file operations (like chown, chmod to any mode/uid:gid). There are two
> issues in pass-through security model
>
> 1) TOCTT
From: "M. Mohan Kumar"
Pass-through security model in QEMU 9p server needs root privilege to do
few file operations (like chown, chmod to any mode/uid:gid). There are two
issues in pass-through security model
1) TOCTTOU vulnerability: Following symbolic links in the server could
provide access
