Re: Ask for suggestions for CVE-2019-12928

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Markus Armbruster <armbru@redhat.com>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: 江芳杰 <18401698361@126.com>,
	berrange@redhat.com, qemu-devel@nongnu.org,
	pjp@fedoraproject.org
Subject: Re: Ask for suggestions for CVE-2019-12928
Date: Wed, 20 Jan 2021 08:59:21 +0100	[thread overview]
Message-ID: <87lfcoqbs6.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20210119201747.GE3888@work-vm> (David Alan Gilbert's message of "Tue, 19 Jan 2021 20:17:47 +0000")

"Dr. David Alan Gilbert" <dgilbert@redhat.com> writes:

> * 江芳杰 (18401698361@126.com) wrote:
>> Hi:
>>     Sorry to bother you~
>>     I have read the discussions about CVE--2019-12928 ( https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg01153.html).
>> But, for the scenario of PC users, which is no requirement of network access to QMP, there are some mitigating proposes.
>> 1. Modify the compilation options to disable QMP.
>> 2. Modify command line parsing function to discard the QMP parameters with network configurations.
>> 3. PC manager or other manage software make sure only the trusted user can use QMP.
>> 4. Other ideas?
>
> QMP is a useful part of QEMU - so we don't want to do 1 - we need it to
> let things control QEMU; including configuring complex setups.

Compiling out QMP gains you exactly nothing unless you also compile out
HMP.  And then you're left without a way to monitor a running QEMU.
Similarly useful (but not nearly as secure) as not running QEMU at all
;)

> The important part is (3) - anything that runs a qemu must make sure it
> wires the QMP up securely; e.g. using unix sockets with appropriate
> permissions or something like that.
>
> As long as they do that, then we're fine.

Yup.

Regarding 4.: making insecure misconfiguration harder might be worth
exploring.

     prev parent reply	other threads:[~2021-01-20  8:00 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <74ca794a.6063.176f21e2fca.Coremail.18401698361@126.com>
2021-01-11 16:22 ` Ask for suggestions for CVE-2019-12928 Daniel P. Berrangé
2021-01-19 20:17 ` Dr. David Alan Gilbert
2021-01-20  7:59   ` Markus Armbruster [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87lfcoqbs6.fsf@dusky.pond.sub.org \
    --to=armbru@redhat.com \
    --cc=18401698361@126.com \
    --cc=berrange@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=pjp@fedoraproject.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.