On 02/13/2018 08:50 AM, Peter Maydell wrote:
> On 13 February 2018 at 16:43, Peter Maydell <peter.mayd...@linaro.org> wrote:
>> OTOH, maybe we should just go ahead without weird games with dup2 and
>> see whether any real code gets confused...
> 
> Here's some real-world code that would break with this patch
> as it stands, though dup2 games wouldn't be the fix in this case:
>  https://github.com/xinetd-org/xinetd/blob/master/xinetd/init.c#L79
> 
> (it iterates through all fds above 2 closing them, and we don't
> protect against the guest being able to perform syscalls on
> interp_dirfd)

Hmm.  I suppose we could maintain a fd_set of valid guest fd's, and check every
guest operation vs that set.  Or special-case interp_dirfd with EBADF.

Thoughts before I attempt either?


r~
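An added example (not code from this thread or from QEMU) sketching the first option in the reply above: an `fd_set` of guest-owned descriptors consulted on every guest fd operation, so a sweep like the xinetd loop gets EBADF for `interp_dirfd`. Every name except `interp_dirfd` is hypothetical, and the opened paths are constructed stand-ins.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* All names except interp_dirfd are hypothetical; this is not QEMU code. */
static fd_set guest_fds;       /* fds the guest is allowed to operate on */
static int interp_dirfd = -1;  /* emulator-private fd, never added to the set */

static int guest_fd_ok(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE && FD_ISSET(fd, &guest_fds);
}

/* Call on every fd handed back to the guest (open, dup, socket, ...). */
static int guest_fd_track(int fd)
{
    if (fd < 0) return -errno;
    if (fd >= FD_SETSIZE) { close(fd); return -EMFILE; }
    FD_SET(fd, &guest_fds);
    return fd;
}

/* Guest-visible close(): private fds look unopened to the guest. */
static int guest_close(int fd)
{
    if (!guest_fd_ok(fd)) return -EBADF;
    FD_CLR(fd, &guest_fds);
    return close(fd) < 0 ? -errno : 0;
}

/* Returns 1 if interp_dirfd survives a "close everything above 2" sweep. */
static int demo(void)
{
    int closed = 0, alive, gfd;
    FD_ZERO(&guest_fds);
    for (int fd = 0; fd <= 2; fd++) FD_SET(fd, &guest_fds);
    interp_dirfd = open("/", O_RDONLY);            /* constructed stand-in */
    gfd = guest_fd_track(open("/dev/null", O_RDONLY));
    if (interp_dirfd < 0 || gfd < 0) return -1;
    for (int fd = 3; fd < FD_SETSIZE; fd++)        /* the guest's sweep */
        if (guest_close(fd) == 0) closed++;
    alive = fcntl(interp_dirfd, F_GETFD) != -1;    /* still open on the host? */
    close(interp_dirfd);
    return closed == 1 && alive;
}

int main(void) { printf("interp_dirfd survived: %d\n", demo()); return 0; }
```

The same `guest_fd_ok()` gate would have to sit in front of every fd-taking syscall path, not only `close`, for the set to be authoritative.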
