Date: Mon, 8 Jul 2019 10:34:00 +0100
From: Daniel P. Berrangé
To: Markus Armbruster
Cc: Philippe Mathieu-Daudé, qemu-devel@nongnu.org, Stefan Hajnoczi
Subject: Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment
Message-ID: <20190708093400.GB3082@redhat.com>

On Sat, Jul 06, 2019 at 06:02:18AM +0200, Markus Armbruster wrote:
> Philippe Mathieu-Daudé writes:
>
> > On 7/5/19 3:19 PM, Markus Armbruster wrote:
> >> Philippe Mathieu-Daudé writes:
> >>> On 7/5/19 10:07 AM, Stefan Hajnoczi wrote:
> >>>> On Thu, Jul 04, 2019 at 11:28:37AM +0100, Daniel P. Berrangé wrote:
> >>>>> On Thu, Jul 04, 2019 at 11:24:57AM +0100, Stefan Hajnoczi wrote:
> [...]
> >>>>>> What is the concern about adding these environment variables to QEMU?
> >>>>>>
> >>>>>> It is convenient to be able to use tracing even if QEMU is invoked by
> >>>>>> something you cannot modify/control.
> >>>>>>
> >>>>>> The main issues I see with environment variables are:
> >>>>>>
> >>>>>> 1. Security. Is there a scenario where an attacker can use environment
> >>>>>>    variables to influence the behavior of a QEMU process running at a
> >>>>>>    different trust level?
> >>
> >> The common (and sad) solution for this is to require whatever runs $PROG
> >> at a different trust level to scrub the environment.
> >
> > I hope people concerned by security build QEMU with the NOP trace backend.
>
> I sure hope at least one of our tracing backends (other than nop) can be
> used safely in production.

AFAIK, *all* of the trace backends are safe for use in production. The
only questions are around performance in production. If anyone knows of
any security problems with specific backends we should either address them,
or document the backend is unsafe.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
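
The environment scrubbing mentioned in the quoted discussion, as an added example that is not part of this message or of QEMU's code: a launcher that runs a program at a different trust level builds the child's environment from an allowlist before calling execve(). The allowlist contents and the function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist: the only variables the child may inherit. */
static const char *const ENV_ALLOW[] = { "PATH", "LANG", "TZ", NULL };

/* Length of the NAME part of "NAME=value", or 0 if the entry is malformed. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : 0;
}

/* Return 1 if the n-byte name at the start of entry is on the allowlist. */
static int env_allowed(const char *entry, size_t n)
{
    for (size_t i = 0; ENV_ALLOW[i] != NULL; i++)
        if (strlen(ENV_ALLOW[i]) == n && memcmp(entry, ENV_ALLOW[i], n) == 0)
            return 1;
    return 0;
}

/*
 * Return a NULL-terminated array with only the allowlisted entries of envp,
 * for use as the envp argument of execve(). Entries are not copied; free the
 * array itself with free(). Malformed entries and repeated names are dropped
 * (first occurrence wins). Returns NULL on allocation failure.
 */
char **scrub_env(char *const envp[])
{
    size_t count = 0, out = 0;
    while (envp[count] != NULL)
        count++;
    char **clean = calloc(count + 1, sizeof(*clean));
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = name_len(envp[i]), dup = 0;
        if (n == 0 || !env_allowed(envp[i], n))
            continue;
        for (size_t j = 0; j < out; j++)
            if (name_len(clean[j]) == n && memcmp(clean[j], envp[i], n) == 0)
                dup = 1;
        if (!dup)
            clean[out++] = envp[i];
    }
    return clean;   /* calloc() already NULL-terminated the array */
}
```

Because the filter is an allowlist, any variable a program later starts honouring (tracing options included) is dropped by default instead of needing a new deny rule.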