Message-ID: <4A999952.1030505@gmx.net>
Date: Sat, 29 Aug 2009 23:10:42 +0200
From: Carl-Daniel Hailfinger
Subject: Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5
References: <19074.63829.151234.423348@mariner.uk.xensource.com> <200908282021.45227.bique.alexandre@gmail.com> <4A9982EC.9000509@gmx.net> <4A99946F.9040307@codemonkey.ws>
In-Reply-To: <4A99946F.9040307@codemonkey.ws>
To: Anthony Liguori
Cc: Ian Jackson, qemu-devel@nongnu.org, Bique Alexandre

On 29.08.2009 22:49, Anthony Liguori wrote:
> Carl-Daniel Hailfinger wrote:
>> On 28.08.2009 22:21, Bique Alexandre wrote:
>>
>>> On Wednesday 12 August 2009 17:18:13 Ian Jackson wrote:
>>>
>>>>> Also, I think Paul and I both requested that fw upgrade not be
>>>>> disabled by default.
>>>>>
>>>> As previously discussed I think this is a mistake, but it's a decision
>>>> for qemu upstream to make so I have changed this.
>>
>> Anyone up for writing a security advisory about this?
>
> Eh?
>
> If you do hardware passthrough, the guest can mess up the device.
> This is always going to be true and it's a security problem IMHO to
> make the user think anything other than that.

The guest can also mess up other devices with the help of specially
crafted firmware. So even if the user does not care about the effects on
a particular device, a firmware upgrade might affect other devices
(which are not used by Qemu in any way) as well. As a result, this is
essentially a "break out of qemu or DoS the machine under certain
conditions" feature.

If that particular side effect / feature is documented, users who read
the documentation won't get any nasty surprises. If that's what you
intended to say, I apologize for the misunderstanding.

Regards,
Carl-Daniel

> Regards,
>
> Anthony Liguori