Re: VMD: revise check for regular files on disks

Thu, 04 Jan 2018 10:06:38 -0800 

On Thu, Jan 04, 2018 at 07:14:54AM -0800, Carlos Cardenas wrote:
> Mike Larkin <[email protected]> wrote:
> 
> > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote:
> > > Howdy.
> > > 
> > > Attached is a patch to address a TOCTOU issue with checking to
> > > ensure disks are regular files, reported by jca@ .
> > > 
> > > Comments? Ok?
> > > 
> > > +--+
> > > Carlos
> > 
> > > Index: config.c
> > > ===================================================================
> > > RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v
> > > retrieving revision 1.38
> > > diff -u -p -a -u -r1.38 config.c
> > > --- config.c      3 Jan 2018 05:39:56 -0000       1.38
> > > +++ config.c      4 Jan 2018 03:55:47 -0000
> > > @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct 
> > >   /* Open disk images for child */
> > >   for (i = 0 ; i < vcp->vcp_ndisks; i++) {
> > >                  /* Stat disk[i] to ensure it is a regular file */
> > > -         if (stat(vcp->vcp_disks[i], &stat_buf) == -1) {
> > > +         if ((diskfds[i] =
> > > +             open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> > 
> > O_RDONLY? Or do we actually support the SCSI write commands (ala
> > writing ISO images?)
> 
> vcp_disks represent the vioblk devices which are RDWR.
> vcp_cdrom is RDONLY since it doesn't support writing ISOs.
> 

Of course. I missed that bit. You're right. I thought this was only for
the recent cdrom changes. No concern then.

> > 
> > >                   log_warn("%s: can't open disk %s", __func__,
> > >                       vcp->vcp_disks[i]);
> > >                   errno = VMD_DISK_MISSING;
> > >                   goto fail;
> > >           }
> > > -         if (S_ISREG(stat_buf.st_mode) == 0) {
> > > -                 log_warn("%s: disk %s is not a regular file", __func__,
> > > +         if (fstat(diskfds[i], &stat_buf) == -1) {
> > > +                 log_warn("%s: can't open disk %s", __func__,
> > >                       vcp->vcp_disks[i]);
> > > -                 errno = VMD_DISK_INVALID;
> > > +                 errno = VMD_DISK_MISSING;
> > 
> > I'd probably stick with INVALID here since technically the image is not
> > really "missing"
> 
> Makes sense.
> 
> > 
> > >                   goto fail;
> > >           }
> > > -         if ((diskfds[i] =
> > > -             open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> > > -                 log_warn("%s: can't open disk %s", __func__,
> > > +         if (S_ISREG(stat_buf.st_mode) == 0) {
> > > +                 log_warn("%s: disk %s is not a regular file", __func__,
> > >                       vcp->vcp_disks[i]);
> > > -                 errno = VMD_DISK_MISSING;
> > > +                 errno = VMD_DISK_INVALID;
> > >                   goto fail;
> > >           }
> > >   }
> > 
> > ok mlarkin otherwise

Reply via email to