From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=37683 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P7zmo-0000N1-IQ
	for qemu-devel@nongnu.org; Mon, 18 Oct 2010 20:10:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1P7zmn-0005tx-4u
	for qemu-devel@nongnu.org; Mon, 18 Oct 2010 20:10:38 -0400
Received: from mail-qw0-f45.google.com ([209.85.216.45]:57829)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1P7zmn-0005tk-24
	for qemu-devel@nongnu.org; Mon, 18 Oct 2010 20:10:37 -0400
Received: by qwh5 with SMTP id 5so1193180qwh.4
	for <qemu-devel@nongnu.org>; Mon, 18 Oct 2010 17:10:36 -0700 (PDT)
Message-ID: <4CBCE1F7.5000304@codemonkey.ws>
Date: Mon, 18 Oct 2010 19:10:31 -0500
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5
References: <19074.63829.151234.423348@mariner.uk.xensource.com>	<200908282021.45227.bique.alexandre@gmail.com>	<4A9982EC.9000509@gmx.net>
	<4A99946F.9040307@codemonkey.ws>	<4A999952.1030505@gmx.net>
	<4A99C44E.4070906@codemonkey.ws>
	<DB3D4335-B29E-403F-9670-C82D5133EE52@suse.de>
In-Reply-To: <DB3D4335-B29E-403F-9670-C82D5133EE52@suse.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>, Bique Alexandre <bique.alexandre@gmail.com>, qemu-devel@nongnu.org

On 10/18/2010 06:29 PM, Alexander Graf wrote:
>> A user will get a really nasty surprise if they think they can use a flag or rely on QEMU to prevent a VM from doing something nasty with a device.  If they have this feeling of security, they're likely to chmod the device to allow unprivileged users to access it.
>>
>> But how a device handles ATAPI commands is totally up to the device.  If you issue the wrong sequence, I'm sure there are devices out there that totally hose themselves.  Are you absolutely confident that every ATAPI device out there is completely safe against hostile code provided that you simply prevent the FW update commands?  I'm certainly not.
>>      
> Ping?
>    

Who are you pinging?

Regards,

Anthony Liguori

> Alex
>
>
>