From: Alexandre Bique <bique.alexandre@gmail.com>
To: Stuart Brady <sdbrady@ntlworld.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2
Date: Tue, 7 Jul 2009 21:21:28 +0000 [thread overview]
Message-ID: <5d3bb3090907071421i506a2f0bh5aca170c35a26f62@mail.gmail.com> (raw)
In-Reply-To: <20090707200327.GA3902@miranda.arrow>
Hi Stuart Brady,
On Tue, Jul 7, 2009 at 8:03 PM, Stuart Brady<sdbrady@ntlworld.com> wrote:
> On Wed, Jul 01, 2009 at 07:31:53PM +0100, Bique Alexandre wrote:
>> I updated my patch according to your previous comments.
>>
>> Changes from my previous version:
>> - split the big patch in 5 patches.
>> - not exporting any private structure
>> - switched to SG_IO and brdv_aio_ioctl()
>> - not including linux/cdrom.h or linux/bsg.h
>> - got some stuff like defines and request_sense structure from linux/cdrom.h
>
> Forgive my ignorance, but does ATAPI passthrough have any security
> implications that should be documented?
The patch doesn't introduce any resource allocation so it will be
difficult to bomb qemu with the ATAPI pass through code.
There is one command to update the firmware of the device. This one is blocked.
The security issue is the same as giving the device (+rw) to a user on
the system.
> I expect that running qemu as root counts as a 'bad idea' (I gather
> that commands are filtered when running as a regular user), but even so,
> I wonder if guests should be prevented from performing firmware updates?
Yeps.
> Obviously, the same questions would apply for SCSI passthrough...
Regards,
--
Alexandre Bique
next prev parent reply other threads:[~2009-07-07 21:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-01 18:31 [Qemu-devel] [PATCH 0/5] ATAPI pass through v2 Bique Alexandre
2009-07-07 20:03 ` Stuart Brady
2009-07-07 21:21 ` Alexandre Bique [this message]
2009-07-07 22:44 ` Paul Brook
2009-07-07 22:50 ` Alexandre Bique
2009-07-07 23:01 ` Anthony Liguori
2009-07-07 23:15 ` Stuart Brady
2009-07-08 16:09 ` Ian Jackson
2009-07-08 16:38 ` Avi Kivity
2009-07-08 17:28 ` Carl-Daniel Hailfinger
2009-07-08 18:03 ` Anthony Liguori
2009-07-08 18:09 ` Avi Kivity
2009-07-08 17:20 ` Anthony Liguori
2009-07-08 17:48 ` Vincent Hanquez
2009-07-08 18:06 ` Anthony Liguori
2009-07-07 22:58 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d3bb3090907071421i506a2f0bh5aca170c35a26f62@mail.gmail.com \
--to=bique.alexandre@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=sdbrady@ntlworld.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).