[workspace-dev] Incorrect file checks in mount-alter.sh
Tim Freeman
tfreeman at mcs.anl.gov
Wed Aug 25 13:21:51 CDT 2010
On Wed, 25 Aug 2010 13:10:19 -0500
Tim Freeman <tfreeman at mcs.anl.gov> wrote:
> On Wed, 25 Aug 2010 08:47:27 -0700
> David LaBissoniere <labisso at uchicago.edu> wrote:
>
> > Steffen,
> >
> > Looks like you are right, good catch. We will fix this up.
>
> I don't think this is actually the case. There is an explicit equals check,
> it would only work if the configured MOUNTPOINT_DIR is also set to something
> like "../../"
Oh, I think I see the case you must mean:
MOUNTPOINT_DIR: /tmp/xyz
OK: /tmp/xyz/../../../xyz/123
I think it was in the workspace-control code (which doesn't matter since it is
pre-sudo). So I agree it needs to be fixed.
This is a good time to mention the general warning that these are sanity
checks: with broad libvirt/xen/kvm powers, the 'blessed' account on the VMM
node has almost total control already so protecting access to that account in
the first place is a top priority.
Tim
More information about the workspace-dev
mailing list