From: Stefan Hajnoczi
To: Paolo Bonzini
Cc: Mike Lovell, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper
Date: Mon, 3 Dec 2012 14:10:18 +0100
Message-ID: <20121203131018.GA12912@stefanha-thinkpad.redhat.com>
In-Reply-To: <50B8C442.70007@redhat.com>

On Fri, Nov 30, 2012 at 03:35:46PM +0100, Paolo Bonzini wrote:
> On 30/11/2012 08:10, Mike Lovell wrote:
> > On 10/12/2012 12:49 AM, Mike Lovell wrote:
> >> This makes a few changes to allow ifname to be specified when using
> >> qemu-bridge-helper with both the bridge and tap network interfaces. It
> >> adds the --ifname option to qemu-bridge-helper, removes the restriction
> >> that ifname cannot be specified with helper for the tap interface, and
> >> adds logic to specify the --ifname option when exec'ing the helper.
> >
> > ping ... or syn. any other thoughts about this?
>
> I share Michael's perplexity. This feature could be exploitable.
>
> If we want to add this, the ifname should be subject to ACL rules just
> like bridge names. For example you could have a special allow/deny
> directive "allow foo@" which allows ifnames starting with "foo".

This is a good idea. The default should be that you are not allowed to
choose arbitrary interface names.

Stefan
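
Added example, not part of the original message and not QEMU code: a default-deny interface-name check in the spirit of the "allow foo@" directive suggested above. The rule syntax, the deny-wins ordering, and the names ifname_is_sane, ifname_allowed and sample_rules are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 16 /* Linux IFNAMSIZ: 15 characters plus the NUL */

/* Basic sanity checks applied before any rule is consulted. */
static bool ifname_is_sane(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len >= IFNAME_MAX || !strcmp(name, ".") || !strcmp(name, ".."))
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == ':' || isspace(c))
            return false;
    }
    return true;
}

/* Hypothetical rule lines "allow PREFIX@" and "deny PREFIX@" (assumed syntax).
 * A matching deny always wins; without a matching allow the answer is deny. */
static bool ifname_allowed(const char *const *rules, size_t nrules, const char *ifname)
{
    bool allowed = false;
    if (!ifname_is_sane(ifname))
        return false;
    for (size_t i = 0; i < nrules; i++) {
        char verb[8], prefix[IFNAME_MAX];
        int end = 0; /* %n is stored only if the literal '@' was matched */
        int n = sscanf(rules[i], "%7s %15[^@ \t\n]@%n", verb, prefix, &end);
        if (n < 2 || end == 0 || strncmp(ifname, prefix, strlen(prefix)) != 0)
            continue; /* not an ifname rule, or the prefix does not match */
        if (!strcmp(verb, "deny"))
            return false;
        if (!strcmp(verb, "allow"))
            allowed = true;
    }
    return allowed;
}

/* Constructed sample rules, not taken from any real configuration. */
static const char *const sample_rules[] = { "allow br0", "allow foo@", "deny foobar@" };

int main(void)
{
    const char *names[] = { "foo0", "foobar1", "eth0", "foo/../x" };
    for (size_t i = 0; i < 4; i++)
        printf("%-10s %s\n", names[i],
               ifname_allowed(sample_rules, 3, names[i]) ? "allow" : "deny");
    return 0;
}
```

The bridge rule "allow br0" carries no '@' and is therefore never treated as an interface-name rule, so a name is accepted only when an explicit prefix rule covers it.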