From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:60699)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andi@firstfloor.org>) id 1QSxA2-00076o-O4
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 16:09:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <andi@firstfloor.org>) id 1QSxA1-0000gk-R1
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 16:09:30 -0400
Received: from mga03.intel.com ([143.182.124.21]:36978)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andi@firstfloor.org>) id 1QSxA1-0000gd-Gw
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 16:09:29 -0400
From: Andi Kleen <andi@firstfloor.org>
References: <1307141286-9392-1-git-send-email-mdroth@linux.vnet.ibm.com>
	<1307141286-9392-6-git-send-email-mdroth@linux.vnet.ibm.com>
Date: Sat, 04 Jun 2011 13:08:24 -0700
In-Reply-To: <1307141286-9392-6-git-send-email-mdroth@linux.vnet.ibm.com>
	(Michael Roth's message of "Fri, 3 Jun 2011 17:48:04 -0500")
Message-ID: <m2tyc5s6kn.fsf@firstfloor.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PATCH v4][ 5/7] guest agent: add guest agent
	RPCs/commands
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: aliguori@linux.vnet.ibm.com, lcapitulino@redhat.com, agl@linux.vnet.ibm.com, qemu-devel@nongnu.org, Jes.Sorensen@redhat.com

Michael Roth <mdroth@linux.vnet.ibm.com> writes:
> +
> +int64_t qmp_guest_file_open(const char *filename, const char *mode, Error **err)
> +{
> +    FILE *fh;
> +    int fd, ret;
> +    int64_t id = -1;
> +
> +    if (!logging_enabled()) {
> +        error_set(err, QERR_QGA_LOGGING_FAILED);
> +        goto out;
> +    }
> +    slog("guest-file-open called, filename: %s, mode: %s", filename, mode);
> +    fh = fopen(filename, mode);
> +    if (!fh) {
> +        error_set(err, QERR_OPEN_FILE_FAILED, filename);
> +        goto out;
> +    }

Does this really allow a guest to open any host file ?!?
Have you considered all the security implications of that?

-Andi

-- 
ak@linux.intel.com -- Speaking for myself only