Home Explore Help
Register Sign In
FangSoftSoft
/
qemu
mirror of https://github.com/utmapp/qemu.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: ios-support-v4.2.0
Branches Tags
qemu
/
fsdev
/
virtfs-proxy-helper.texi

virtfs-proxy-helper.texi 2.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. @example
    2. 

  2. @c man begin SYNOPSIS
    3. 

  3. @command{virtfs-proxy-helper} @var{options}
    4. 

  4. @c man end
    5. 

  5. @end example
    6. 

  6. 

  7. @c man begin DESCRIPTION
    8. 

  8. @table @description
    9. 

  9. Pass-through security model in QEMU 9p server needs root privilege to do
    10. 

  10. few file operations (like chown, chmod to any mode/uid:gid).  There are two
    11. 

  11. issues in pass-through security model
    12. 

  12. 

  13. 1) TOCTTOU vulnerability: Following symbolic links in the server could
    14. 

  14. provide access to files beyond 9p export path.
    15. 

  15. 

  16. 2) Running QEMU with root privilege could be a security issue.
    17. 

  17. 

  18. To overcome above issues, following approach is used: A new filesystem
    19. 

  19. type 'proxy' is introduced. Proxy FS uses chroot + socket combination
    20. 

  20. for securing the vulnerability known with following symbolic links.
    21. 

  21. Intention of adding a new filesystem type is to allow qemu to run
    22. 

  22. in non-root mode, but doing privileged operations using socket IO.
    23. 

  23. 

  24. Proxy helper(a stand alone binary part of qemu) is invoked with
    25. 

  25. root privileges. Proxy helper chroots into 9p export path and creates
    26. 

  26. a socket pair or a named socket based on the command line parameter.
    27. 

  27. QEMU and proxy helper communicate using this socket. QEMU proxy fs
    28. 

  28. driver sends filesystem request to proxy helper and receives the
    29. 

  29. response from it.
    30. 

  30. 

  31. The proxy helper is designed so that it can drop root privileges except
    32. 

  32. for the capabilities needed for doing filesystem operations.
    33. 

  33. 

  34. @end table
    35. 

  35. @c man end
    36. 

  36. 

  37. @c man begin OPTIONS
    38. 

  38. The following options are supported:
    39. 

  39. @table @option
    40. 

  40. @item -h
    41. 

  41. @findex -h
    42. 

  42. Display help and exit
    43. 

  43. @item -p|--path path
    44. 

  44. Path to export for proxy filesystem driver
    45. 

  45. @item -f|--fd socket-id
    46. 

  46. Use given file descriptor as socket descriptor for communicating with
    47. 

  47. qemu proxy fs drier. Usually a helper like libvirt will create
    48. 

  48. socketpair and pass one of the fds as parameter to -f|--fd
    49. 

  49. @item -s|--socket socket-file
    50. 

  50. Creates named socket file for communicating with qemu proxy fs driver
    51. 

  51. @item -u|--uid uid -g|--gid gid
    52. 

  52. uid:gid combination to give access to named socket file
    53. 

  53. @item -n|--nodaemon
    54. 

  54. Run as a normal program. By default program will run in daemon mode
    55. 

  55. @end table
    56. 

  56. @c man end
    57. 

  57. 

  58. @setfilename virtfs-proxy-helper
    59. 

  59. @settitle QEMU 9p virtfs proxy filesystem helper
    60. 

  60. 

  61. @c man begin AUTHOR
    62. 

  62. M. Mohan Kumar
    63. 

  63. @c man end
    64.