Thanks for the review Flavio, I applied this to master and brach-2.5 On 22/02/2016 20:29, "Flavio Leitner" <[email protected]> wrote:
>On Mon, 22 Feb 2016 11:43:23 -0800 >Daniele Di Proietto <[email protected]> wrote: > >> This check prevents an obvious way for a vhost-user socket to escape the >> intended directory. >> >> There might be other ways to escape the directory (none comes to mind at >> the moment), but this is a problem that should be properly solved by >> mandatory access control. >> >> A similar check is done for a bridge name, since that name is used as >> part of a socket as well. >> >> Signed-off-by: Daniele Di Proietto <[email protected]> >> --- >> v2: >> * Do not check for '..', as this doesn't really create a problem >> * Document restriction in INSTALL.DPDK.md >> * Also check for backward slash >> * Drop next patch that unlinks the socket before creating it. As >>pointed >> out by Ansis, it enables users deleting other sockets (db or >>management) >> in the run directory >> --- >> INSTALL.DPDK.md | 3 ++- >> lib/netdev-dpdk.c | 16 ++++++++++++++-- >> 2 files changed, 16 insertions(+), 3 deletions(-) > >Acked-by: Flavio Leitner <[email protected]> > >-- >fbl > _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
