On Mon, 22 Feb 2016 11:43:23 -0800 Daniele Di Proietto <diproiet...@vmware.com> wrote:
> This check prevents an obvious way for a vhost-user socket to escape the > intended directory. > > There might be other ways to escape the directory (none comes to mind at > the moment), but this is a problem that should be properly solved by > mandatory access control. > > A similar check is done for a bridge name, since that name is used as > part of a socket as well. > > Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com> > --- > v2: > * Do not check for '..', as this doesn't really create a problem > * Document restriction in INSTALL.DPDK.md > * Also check for backward slash > * Drop next patch that unlinks the socket before creating it. As pointed > out by Ansis, it enables users deleting other sockets (db or management) > in the run directory > --- > INSTALL.DPDK.md | 3 ++- > lib/netdev-dpdk.c | 16 ++++++++++++++-- > 2 files changed, 16 insertions(+), 3 deletions(-) Acked-by: Flavio Leitner <f...@sysclose.org> -- fbl _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev