netdev-dpdk: Restrict vhost_sock_dir

Since the vhost-user sockets directory now comes from the database, it is possible for any user with database access to program an arbitrary filesystem location for the sockets directory. This could result in unprivileged users creating or deleting arbitrary filesystem files by using specially crafted names. To prevent this, 'vhost-sock-dir' is now relative to ovs_rundir() and must not contain "..". Signed-off-by: Aaron Conole <aconole@redhat.com> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
author: Aaron Conole <aconole@redhat.com> 2016-04-29 13:44:02 -0400
committer: Daniele Di Proietto <diproiettod@vmware.com> 2016-04-29 15:07:39 -0700
commit: d8a8f353c23ee9bdcead2c3963819aba0701a595 (patch)
tree: 71204ad42e152736a221a9f3292af9755569315d /vswitchd
parent: bab6940971336510c1f4342cde0bc17da46b99f1 (diff)
download: openvswitch-d8a8f353c23ee9bdcead2c3963819aba0701a595.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index c36cb5945..400428bbc 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -290,7 +290,9 @@
       <column name="other_config" key="vhost-sock-dir"
               type='{"type": "string"}'>
         <p>
-          Specifies the path to the vhost-user unix domain socket files.
+          Specifies the path to the vhost-user unix domain socket files. This
+          path must exist and be a subdirectory tree of the Open vSwitch
+          run directory.
         </p>
         <p>
           Defaults to the working directory of the application. Changing this
author	Aaron Conole <aconole@redhat.com>	2016-04-29 13:44:02 -0400
committer	Daniele Di Proietto <diproiettod@vmware.com>	2016-04-29 15:07:39 -0700
commit	d8a8f353c23ee9bdcead2c3963819aba0701a595 (patch)
tree	71204ad42e152736a221a9f3292af9755569315d /vswitchd
parent	bab6940971336510c1f4342cde0bc17da46b99f1 (diff)
download	openvswitch-d8a8f353c23ee9bdcead2c3963819aba0701a595.tar.gz