Date: Thu, 17 Jun 2004 17:14:18 +0200
From: renzo@cs.unibo.it (Renzo Davoli)
To: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] Security house-cleaning
Message-ID: <20040617151418.GD27872@cs.unibo.it>
References: <20040617043838.GA1938@sentinelchicken.org> <1087484840.21569.108.camel@sherbert>
In-Reply-To: <1087484840.21569.108.camel@sherbert>
List-Id: qemu-devel.nongnu.org

On Thu, Jun 17, 2004 at 04:07:20PM +0100, Gianni Tedesco wrote:
> That's only worrisome from a security perspective if qemu was designed to
> run SUID, which I doubt that it is... Of course it's a bug and needs
> fixing though.

One of the main pros of Qemu (among the others) is that it has been
designed NOT to run SUID.
The only piece of code that needs root access is tuntap networking.
This problem can be circumvented by:
- using sudo for tuntap
- using user net (a.k.a. slirp)
- using vde.

renzo