summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Hajnoczi2021-03-01 18:27:28 +0100
committerKevin Wolf2021-03-08 14:55:19 +0100
commite246bf3ddc4d61d03227373fecfdcd4fec3508db (patch)
tree4c288a4187675519e29609c786d3e315d9b4c681
parentdocs: show how to spawn qemu-storage-daemon with fd passing (diff)
downloadqemu-e246bf3ddc4d61d03227373fecfdcd4fec3508db.tar.gz
qemu-e246bf3ddc4d61d03227373fecfdcd4fec3508db.tar.xz
qemu-e246bf3ddc4d61d03227373fecfdcd4fec3508db.zip
docs: replace insecure /tmp examples in qsd docs
World-writeable directories have security issues. Avoid showing them in the documentation since someone might accidentally use them in situations where they are insecure. There tend to be 3 security problems: 1. Denial of service. An adversary may be able to create the file beforehand, consume all space/inodes, etc to sabotage us. 2. Impersonation. An adversary may be able to create a listen socket and accept incoming connections that were meant for us. 3. Unauthenticated client access. An adversary may be able to connect to us if we did not set the uid/gid and permissions correctly. These can be prevented or mitigated with private /tmp, carefully setting the umask, etc but that requires special action and does not apply to all situations. Just avoid using /tmp in examples. Reported-by: Richard W.M. Jones <rjones@redhat.com> Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20210301172728.135331-3-stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--docs/tools/qemu-storage-daemon.rst7
1 files changed, 4 insertions, 3 deletions
diff --git a/docs/tools/qemu-storage-daemon.rst b/docs/tools/qemu-storage-daemon.rst
index 5714794775..fe3042d609 100644
--- a/docs/tools/qemu-storage-daemon.rst
+++ b/docs/tools/qemu-storage-daemon.rst
@@ -69,7 +69,7 @@ Standard options:
a description of character device properties. A common character device
definition configures a UNIX domain socket::
- --chardev socket,id=char1,path=/tmp/qmp.sock,server=on,wait=off
+ --chardev socket,id=char1,path=/var/run/qsd-qmp.sock,server=on,wait=off
.. option:: --export [type=]nbd,id=<id>,node-name=<node-name>[,name=<export-name>][,writable=on|off][,bitmap=<name>]
--export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,addr.type=unix,addr.path=<socket-path>[,writable=on|off][,logical-block-size=<block-size>][,num-queues=<num-queues>]
@@ -108,9 +108,10 @@ Standard options:
below). TLS encryption can be configured using ``--object`` tls-creds-* and
authz-* secrets (see below).
- To configure an NBD server on UNIX domain socket path ``/tmp/nbd.sock``::
+ To configure an NBD server on UNIX domain socket path
+ ``/var/run/qsd-nbd.sock``::
- --nbd-server addr.type=unix,addr.path=/tmp/nbd.sock
+ --nbd-server addr.type=unix,addr.path=/var/run/qsd-nbd.sock
.. option:: --object help
--object <type>,help