On Wed, Jun 15, 2011 at 10:10:00PM +0200, Andreas Färber wrote: > Am 14.06.2011 um 10:12 schrieb M. Mohan Kumar: > >> [RFC PATCH] virtio-9p: Use clone approach to fix TOCTOU vulnerability > > Subject doesn't need to be duplicated.
Ok > >> In passthrough security model, following a symbolic link in the server >> side could result in TOCTTOU vulnerability. > > TOCTOU or TOCTTOU? Don't know what either is, so probably others too - > that acronym could use an explanation or link to CVE/etc. Its TOCTTOU (Time of check to time of usage). Sure next time I will include some more information about this.