From: Jes Sorensen <Jes.Sorensen@redhat.com>
To: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: agl@linux.vnet.ibm.com, stefanha@linux.vnet.ibm.com,
abeekhof@redhat.com, qemu-devel@nongnu.org,
aliguori@linux.vnet.ibm.com, ryanh@us.ibm.com
Subject: [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command
Date: Fri, 10 Dec 2010 07:43:57 +0100
Message-ID: <4D01CC2D.10706@redhat.com>
In-Reply-To: <4D01465B.9040200@linux.vnet.ibm.com>

On 12/09/10 22:12, Michael Roth wrote:
> On 12/07/2010 08:26 AM, Jes Sorensen wrote:
>> I believe this suffers from the same architectural problem I mentioned
>> in my comment to 07/21 - you don't restrict the file size, so it could
>> blow up the QEMU process on the host trying to view the wrong file.
>
> It's restricted on the guest side:
>
> virtagent-server.c:va_getfile():
>
> while ((ret = read(fd, buf, VA_FILEBUF_LEN)) > 0) {
>     file_contents = qemu_realloc(file_contents, count +
>                                  VA_FILEBUF_LEN);
>     memcpy(file_contents + count, buf, ret);
>     count += ret;
>     if (count > VA_GETFILE_MAX) {
>         xmlrpc_faultf(env, "max file size (%d bytes) exceeded",
>                       VA_GETFILE_MAX);
>         goto EXIT_CLOSE_BAD;
>     }
> }

You cannot rely on the guest controlling this. You really have to treat
any guest as hostile and keep control and security in the host,
otherwise a hacked guest could end up attacking the host by blowing up
the host's QEMU process.

Cheers,
Jes
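
The host-side enforcement asked for in this message, sketched as an added example that is not part of the original e-mail or of the virtagent patch: the host accumulates guest-supplied chunks under its own cap and checks the cap before allocating. `HOST_REPLY_MAX`, `HostReplyBuf`, `host_reply_append` and `demo_guest_stream` are hypothetical names, and the 1 MiB limit is an assumed value.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical host-side cap: chosen by the host, never taken from the guest. */
#define HOST_REPLY_MAX ((size_t)1 << 20)

typedef struct {
    unsigned char *data;
    size_t len, cap;   /* bytes accepted so far / bytes allocated */
    int rejected;      /* latched once the guest exceeds the cap */
} HostReplyBuf;

/* Append one chunk read from the guest channel. Returns 0, or -1 if refused. */
int host_reply_append(HostReplyBuf *b, const void *chunk, size_t n)
{
    if (b->rejected || n == 0) return b->rejected ? -1 : 0;
    /* Check BEFORE allocating; this form cannot wrap because len <= max. */
    if (n > HOST_REPLY_MAX - b->len) {
        free(b->data);             /* drop what was buffered, stop trusting it */
        b->data = NULL;
        b->len = b->cap = 0;
        b->rejected = 1;
        return -1;
    }
    if (b->len + n > b->cap) {
        size_t want = b->cap ? b->cap : 4096;
        while (want < b->len + n) want *= 2;
        if (want > HOST_REPLY_MAX) want = HOST_REPLY_MAX;
        unsigned char *p = realloc(b->data, want);
        if (!p) return -1;         /* allocation failure: chunk not accepted */
        b->data = p; b->cap = want;
    }
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

/* Constructed scenario: a guest streams 64 KiB chunks; returns peak allocation. */
size_t demo_guest_stream(int chunks, int *accepted)
{
    static unsigned char chunk[64 * 1024];   /* constructed sample data (zeros) */
    HostReplyBuf b = {0};
    size_t peak = 0;
    *accepted = 0;
    for (int i = 0; i < chunks; i++) {
        if (host_reply_append(&b, chunk, sizeof(chunk)) == 0) (*accepted)++;
        if (b.cap > peak) peak = b.cap;
    }
    free(b.data);
    return peak;
}
```

However many chunks the guest sends, the host's allocation never exceeds `HOST_REPLY_MAX`, and the first chunk that would cross the cap is refused before any memory is allocated for it.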