From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MdhHX-0002tn-F0
	for qemu-devel@nongnu.org; Wed, 19 Aug 2009 05:16:35 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MdhHS-0002pf-EP
	for qemu-devel@nongnu.org; Wed, 19 Aug 2009 05:16:34 -0400
Received: from [199.232.76.173] (port=59745 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MdhHS-0002pa-6E
	for qemu-devel@nongnu.org; Wed, 19 Aug 2009 05:16:30 -0400
Received: from mail.gmx.net ([213.165.64.20]:54564)
	by monty-python.gnu.org with smtp (Exim 4.60)
	(envelope-from <Reimar.Doeffinger@gmx.de>) id 1MdhHR-00058q-K6
	for qemu-devel@nongnu.org; Wed, 19 Aug 2009 05:16:30 -0400
Date: Wed, 19 Aug 2009 11:16:22 +0200
From: Reimar =?iso-8859-1?Q?D=F6ffinger?= <Reimar.Doeffinger@gmx.de>
Subject: Re: [Qemu-devel] Re: [PATCH 5/5] Port apic to new VMState design
Message-ID: <20090819091622.GA10557@1und1.de>
References: <cover.1250601335.git.quintela@redhat.com>
	<a3855a79d668644c469314af26cc3b4e67ae0054.1250601335.git.quintela@redhat.com>
	<20090818142405.GA16563@1und1.de> <m37hx1tc9l.fsf@neno.mitica>
	<20090818152112.GA5483@1und1.de> <4A8BB101.9000305@redhat.com>
	<20090819085334.GA31062@1und1.de> <4A8BC0C7.4010806@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <4A8BC0C7.4010806@redhat.com>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org

On Wed, Aug 19, 2009 at 11:07:19AM +0200, Gerd Hoffmann wrote:
> >> When you are able modify the savevm state you already have access to the
> >> host ...
> >
> > Huh? Being able to modify the savevm state is not the same as being able
> > to run arbitrary code on the host.
> 
> Yes, in theory.  And in practice?  What is the point in allowing remote 
> write access to savevm state?

E.g. migration between entities that do not 100% trust each other?
Or debugging, a user does savevm and a developer can look at it and
debug after loadvm?

> > Currently there is no way you could even consider running a savevm from
> > an untrusted source, but I think that is just because of qemu's current
> > implementation, not because it has to be.
> 
> Getting that right is a pretty big job though ...

I said that already, but I don't think that's a valid excuse to not
consider that _for the design of a new API_. Unless you enjoy designing
a new API every few months...