From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NKHRr-00048A-4P
	for qemu-devel@nongnu.org; Mon, 14 Dec 2009 15:23:15 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NKHRm-00044E-FX
	for qemu-devel@nongnu.org; Mon, 14 Dec 2009 15:23:14 -0500
Received: from [199.232.76.173] (port=45647 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NKHRm-000444-1k
	for qemu-devel@nongnu.org; Mon, 14 Dec 2009 15:23:10 -0500
Received: from mx1.redhat.com ([209.132.183.28]:6818)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <mst@redhat.com>) id 1NKHRl-0007f4-FR
	for qemu-devel@nongnu.org; Mon, 14 Dec 2009 15:23:09 -0500
Date: Mon, 14 Dec 2009 22:20:20 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] Re: qdev property bug?
Message-ID: <20091214202019.GF6150@redhat.com>
References: <20091214132423.GB973@redhat.com> <4B263F23.2090601@suse.de>
	<4B2647AF.1030605@codemonkey.ws> <20091214141143.GA1360@redhat.com>
	<20091214141341.GB1360@redhat.com> <4B264AF1.6060802@codemonkey.ws>
	<7FB8DD1225E54176BCAF5523B6AEA89B@FSCPC>
	<4B26931E.4000101@codemonkey.ws> <20091214194210.GB6150@redhat.com>
	<4B269933.3010906@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B269933.3010906@codemonkey.ws>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: glommer@redhat.com, qemu-devel@nongnu.org, Alexander Graf <agraf@suse.de>, Kevin O'Connor <kevin@koconnor.net>, Gerd Hoffmann <kraxel@redhat.com>, Sebastian Herbszt <herbszt@gmx.de>

On Mon, Dec 14, 2009 at 01:59:47PM -0600, Anthony Liguori wrote:
> Michael S. Tsirkin wrote:
>> At some level this is wrong. ROM presence is a hardware feature and you
>> definitely need to select your hardware when you create a VM.  For real
>> hardware, cards with PXE are sometimes more expensive than without as
>> they need ROM memory.  People do select hardware based on this.
>>
>> Even when PXE is present in hardware, most BIOS
>> vendors will let you turn it on/off optionally,
>> for security if not for other reasons.
>>
>> What the default should be depends on whether the
>> majority of our users use PXE. I guess not,
>> and if I am right default should be off.
>>   
>
> The real way to pose this question is, what is the impact to users by  
> keeping this on to those that don't use it vs. the cost of turning it  
> off by default for users that do need it.
>
> So far, it's not clear to me that anyone has demonstrated how this is  
> harmful for people that don't want pxe booting.  Assuming we fix the bug  
> about rom loading, then there's really no impact to users.
>
> Regards,
>
> Anthony Liguori

PXE booting might have security impact. You do not want to
do this if you are on a hostile network.

-- 
MST