From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Daniel P. Berrange" Subject: Re: Ways to exit from kvm on behalf of the quest system? Date: Wed, 1 Aug 2007 17:57:50 +0100 Message-ID: <20070801165750.GH31282@redhat.com> References: <200708010047.36600.amit.shah@qumranet.com> <46B0B779.5050407@qumranet.com> Reply-To: "Daniel P. Berrange" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org To: Dimitry Golubovsky Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org List-Id: kvm.vger.kernel.org On Wed, Aug 01, 2007 at 12:48:51PM -0400, Dimitry Golubovsky wrote: > OK, I'll try to summarize that. However I'd also like to make a > feature request: a virtual character device (sort of a virtual serial > line) that the guest OS might use to communicate with the QEMU > monitor. That might solve many problems. Unless you whitelist which monitor commands it can run this would be a significant security hole. eg a guest could run 'usb_add disk /some/path' To get access to arbitrary files & disks from the host. Dan, -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/