From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:49218)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1QSzLu-0005Om-EW
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 18:29:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1QSzLt-0005up-CA
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 18:29:54 -0400
Received: from e4.ny.us.ibm.com ([32.97.182.144]:51077)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1QSzLt-0005ul-8t
	for qemu-devel@nongnu.org; Sat, 04 Jun 2011 18:29:53 -0400
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e4.ny.us.ibm.com (8.14.4/8.13.1) with ESMTP id p54M8SYv013191
	for <qemu-devel@nongnu.org>; Sat, 4 Jun 2011 18:08:28 -0400
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	p54MThdB097570
	for <qemu-devel@nongnu.org>; Sat, 4 Jun 2011 18:29:44 -0400
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1])
	by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	p54ITVkc018180
	for <qemu-devel@nongnu.org>; Sat, 4 Jun 2011 15:29:32 -0300
Message-ID: <4DEAB1D5.4050106@us.ibm.com>
Date: Sat, 04 Jun 2011 17:29:41 -0500
From: Anthony Liguori <aliguori@us.ibm.com>
MIME-Version: 1.0
References: <1307141286-9392-1-git-send-email-mdroth@linux.vnet.ibm.com>
	<1307141286-9392-6-git-send-email-mdroth@linux.vnet.ibm.com>
	<m2tyc5s6kn.fsf@firstfloor.org>
In-Reply-To: <m2tyc5s6kn.fsf@firstfloor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v4][ 5/7] guest agent: add guest agent
	RPCs/commands
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Andi Kleen <andi@firstfloor.org>
Cc: Jes.Sorensen@redhat.com, lcapitulino@redhat.com, agl@linux.vnet.ibm.com, Michael Roth <mdroth@linux.vnet.ibm.com>, qemu-devel@nongnu.org

On 06/04/2011 03:08 PM, Andi Kleen wrote:
> Michael Roth<mdroth@linux.vnet.ibm.com>  writes:
>> +
>> +int64_t qmp_guest_file_open(const char *filename, const char *mode, Error **err)
>> +{
>> +    FILE *fh;
>> +    int fd, ret;
>> +    int64_t id = -1;
>> +
>> +    if (!logging_enabled()) {
>> +        error_set(err, QERR_QGA_LOGGING_FAILED);
>> +        goto out;
>> +    }
>> +    slog("guest-file-open called, filename: %s, mode: %s", filename, mode);
>> +    fh = fopen(filename, mode);
>> +    if (!fh) {
>> +        error_set(err, QERR_OPEN_FILE_FAILED, filename);
>> +        goto out;
>> +    }
>
> Does this really allow a guest to open any host file ?!?

It does the opposite.  The host can open files in the guest.  Since the 
host can see the disk image of the guest anyway, it already could do 
this albeit it in a more convoluted way.

Regards,

Anthony Liguroi

> Have you considered all the security implications of that?
>
> -Andi
>