From: Anthony Liguori <aliguori@linux.vnet.ibm.com>
To: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Cc: Maneesh Soni <maneesh@in.ibm.com>,
Reinhard Buendgen <BEUNDGEN@de.ibm.com>,
qemu-devel@nongnu.org, Michael Mueller <mimu@de.ibm.com>,
Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Subject: Re: [Qemu-devel] [patch 2/3] QEMU-C-F: Introducing qemu userspace tool qemu-core-filter.
Date: Tue, 22 Jun 2010 08:02:48 -0500 [thread overview]
Message-ID: <4C20B478.4020701@linux.vnet.ibm.com> (raw)
In-Reply-To: <20100622040154.GC27051@in.ibm.com>
Hrm, the way you've sent this patch makes Thunderbird unhappy. It
appears the whole thing is treated as an attachment. In the future, I'd
suggest avoiding the Content-Disposition tag
On 06/21/2010 11:01 PM, Mahesh Salgaonkar wrote:
> Qemu userspace tool to filter out guest OS memory from qemu core file.
> Use '--enable-core-filter' option while running ./configure script to build
> qemu-core-filter tool. This is a post-processing tool works offline on qemu
> coredumps. This tool helps to reuce the size of qemu core file (generated by
> qemu crash) by removing guest OS memory from original core file.
>
> Currently it is only supported for Linux on x86 and x86_64.
>
There are a few problems with a tool like this. The first is that it
depends on very specific internals of qemu (namely, the way we allocate
ram). If we applied this, we would get subtle breakages if we made even
the slightest changes to qemu.
IMHO, the value is also questionable. There is quite a bit of sensitive
data left in the core file after removing guest memory. Any DMA buffer
may contain very sensitive data (for instance, if you crash during a
read of /etc/shadow). Even the CPU registers can contain sensitive data.
I think the only really viable approach to this problem is to take a
white list approach instead of a black list approach. That means
extracting useful information that we're reasonably confident preserves
privacy. That would be information like a back trace, the crash
reason, etc. Tools like apport and ABT already do exactly this and
they also present an interface to the user to validate the data before
sending it. They also provide a way to collect other information (like
host dmesg).
Regards,
Anthony Liguori
next prev parent reply other threads:[~2010-06-22 13:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20100622040018.044362998@mars.in.ibm.com>
2010-06-22 4:01 ` [Qemu-devel] [patch 1/3] QEMU-C-F: Bring up the elf.h header up-to-date with latest glibc elf.h header Mahesh Salgaonkar
2010-06-22 4:01 ` [Qemu-devel] [patch 2/3] QEMU-C-F: Introducing qemu userspace tool qemu-core-filter Mahesh Salgaonkar
2010-06-22 13:02 ` Anthony Liguori [this message]
2010-06-25 12:38 ` Mahesh Jagannath Salgaonkar
2010-06-22 4:02 ` [Qemu-devel] [patch 3/3] QEMU-C-F: qemu-core-filter documentation Mahesh Salgaonkar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C20B478.4020701@linux.vnet.ibm.com \
--to=aliguori@linux.vnet.ibm.com \
--cc=BEUNDGEN@de.ibm.com \
--cc=ananth@in.ibm.com \
--cc=mahesh@linux.vnet.ibm.com \
--cc=maneesh@in.ibm.com \
--cc=mimu@de.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.