Message-ID: <4EA5E366.9070000@us.ibm.com>
Date: Mon, 24 Oct 2011 17:15:02 -0500
From: Anthony Liguori
In-Reply-To: <4EA5C8A2.2040501@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH v2 3/4] Add cap reduction support to enable use as SUID
To: Corey Bryant
Cc: Blue Swirl, rmarwah@linux.vnet.ibm.com, qemu-devel@nongnu.org

On 10/24/2011 03:20 PM, Corey Bryant wrote:
> On 10/24/2011 03:21 PM, Anthony Liguori wrote:
>> On 10/24/2011 02:13 PM, Corey Bryant wrote:
>>>> Right, it's not desirable, but isn't that the best we can do without
>>>> libcap or FS capabilities?
>>>
>>> I think the best we can do is not let it run in those cases. :) I'd
>>> like to see if others in the community have an opinion on this though.
>>
>> IMHO, it should work as a setuid binary maintaining root privileges. As
>> long as it's a small binary (which it is) and is easy to audit, it
>> should be safe.
>>
>> Regards,
>>
>> Anthony Liguori
>
> Alright, I'll concede on this. I'll run a static analyzer on the code and let it
> run as root if libcap-ng is not configured.
>
> It would be nice to also cut an audit record, but I'm not seeing a precedent
> for doing that in QEMU. Any thoughts?

I'd be happy with just a handful of Reviewed-by's from regular contributors.

Regards,

Anthony Liguori