From nobody Tue Feb 10 14:49:36 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1614619784; cv=none; d=zohomail.com; s=zohoarc; b=FsEdP9HZtfk3hBZ5L4iUDl1G0c0ppZ8Qf/UPf8BYAFRs0KFEYcXAyGnap12gz1PZkLFoHxYLcgGxF7aDfgfFhOno64oo9HzGn2dq/l5Lcfmqn5c3Oc2iQLFYLlYS4i9xDv6UX7ibsM82Gx2OIS/sIBkQZlzRAO+h6QQYwR19CIg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614619784; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=+h3J6lyrpjo1RCh6voyew/14pVr4vkeu6sfRh9qJ2o0=; b=R6m6pejanbJoIaxH3z6AsGNmFDjAM4b+ILQ7BCRe7h/ll8gbOt2BowJdZWKybUYLA91vWImZvVW7KWXpsXYrrXydMu6uzNSxeVtH2Ja+I3Xtx6gA/g5ckNd69AFOCVhl2u/hztgpzAEhhMqxOospxu/fv6u55wyN8euGkUBWOUQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1614619784765591.1335237664322; Mon, 1 Mar 2021 09:29:44 -0800 (PST) Received: from localhost ([::1]:47554 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGmMZ-0008B8-F6 for importer@patchew.org; Mon, 01 Mar 2021 12:29:43 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:39564) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGmKl-0006r4-B8 for qemu-devel@nongnu.org; Mon, 01 Mar 2021 12:27:52 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:43256) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1lGmKi-0002qG-EG for qemu-devel@nongnu.org; Mon, 01 Mar 2021 12:27:51 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-179-SSguEFBGMxuYi3Ina3W-Ng-1; Mon, 01 Mar 2021 12:27:45 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A2D9B80197C; Mon, 1 Mar 2021 17:27:44 +0000 (UTC) Received: from localhost (ovpn-115-54.ams2.redhat.com [10.36.115.54]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3F7305D6CF; Mon, 1 Mar 2021 17:27:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1614619667; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+h3J6lyrpjo1RCh6voyew/14pVr4vkeu6sfRh9qJ2o0=; b=dPUCQG/+4KasVAJuHf90Bz+Ob+75DGAZ07nFSz9495+7KtKRBS3/tu91yDRv6eyo1pSz5H k3JI9OzjOBsbuoth6pCxdlR7jABxIV410wCWftXTIJ3e9mNDLm0xVFPsPp4BCPXSoO2wWd De7M5qq8+lR716B64n3ls58/pkANzGQ= X-MC-Unique: SSguEFBGMxuYi3Ina3W-Ng-1 From: Stefan Hajnoczi To: qemu-devel@nongnu.org Subject: [PATCH v3 2/2] docs: replace insecure /tmp examples in qsd docs Date: Mon, 1 Mar 2021 17:27:28 +0000 Message-Id: <20210301172728.135331-3-stefanha@redhat.com> In-Reply-To: <20210301172728.135331-1-stefanha@redhat.com> References: <20210301172728.135331-1-stefanha@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=stefanha@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.205.24.124; envelope-from=stefanha@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , qemu-block@nongnu.org, "Richard W . M . Jones" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" World-writeable directories have security issues. Avoid showing them in the documentation since someone might accidentally use them in situations where they are insecure. There tend to be 3 security problems: 1. Denial of service. An adversary may be able to create the file beforehand, consume all space/inodes, etc to sabotage us. 2. Impersonation. An adversary may be able to create a listen socket and accept incoming connections that were meant for us. 3. Unauthenticated client access. An adversary may be able to connect to us if we did not set the uid/gid and permissions correctly. These can be prevented or mitigated with private /tmp, carefully setting the umask, etc but that requires special action and does not apply to all situations. Just avoid using /tmp in examples. Reported-by: Richard W.M. Jones Reported-by: Daniel P. Berrang=C3=A9 Signed-off-by: Stefan Hajnoczi Reviewed-by: Richard W.M. Jones --- docs/tools/qemu-storage-daemon.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/tools/qemu-storage-daemon.rst b/docs/tools/qemu-storage-d= aemon.rst index 789a8e4a75..2da28a447a 100644 --- a/docs/tools/qemu-storage-daemon.rst +++ b/docs/tools/qemu-storage-daemon.rst @@ -69,7 +69,7 @@ Standard options: a description of character device properties. A common character device definition configures a UNIX domain socket:: =20 - --chardev socket,id=3Dchar1,path=3D/tmp/qmp.sock,server,nowait + --chardev socket,id=3Dchar1,path=3D/var/run/qsd-qmp.sock,server,nowait =20 .. option:: --export [type=3D]nbd,id=3D,node-name=3D[,name= =3D][,writable=3Don|off][,bitmap=3D] --export [type=3D]vhost-user-blk,id=3D,node-name=3D,addr.= type=3Dunix,addr.path=3D[,writable=3Don|off][,logical-block-si= ze=3D][,num-queues=3D] @@ -108,9 +108,10 @@ Standard options: below). TLS encryption can be configured using ``--object`` tls-creds-* = and authz-* secrets (see below). =20 - To configure an NBD server on UNIX domain socket path ``/tmp/nbd.sock``:: + To configure an NBD server on UNIX domain socket path + ``/var/run/qsd-nbd.sock``:: =20 - --nbd-server addr.type=3Dunix,addr.path=3D/tmp/nbd.sock + --nbd-server addr.type=3Dunix,addr.path=3D/var/run/qsd-nbd.sock =20 .. option:: --object help --object ,help --=20 2.29.2