qemu-devel.nongnu.org archive mirror
From: malc <av1474@comtv.ru>
To: qemu-devel@nongnu.org
Cc: k.shutemov@velesys.com
Subject: Re: [Qemu-devel] QEMU Various Vulnerabilities
Date: Fri, 4 May 2007 01:13:19 +0400 (MSD)
Message-ID: <Pine.LNX.4.64.0705040107590.4078@linmac.oyster.ru>
In-Reply-To: <200705031922.l43JM81x019120@saturn.kn-bremen.de>

On Thu, 3 May 2007, Juergen Lock wrote:

> In article <20070503081454.GA17577@localhost.localdomain> Kirill A. Shutemov wrote:
>> On [Wed, 02.05.2007 18:21], malc wrote:
>>> On Wed, 2 May 2007, Kirill A. Shutemov wrote:
>>>
>>>> http://secunia.com/advisories/25073/
>>>>
>>>> Any comments ?
>>>
>>> AAM - http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
>>> SB16/DMA - in attachment
>>
>> Thanks. Other Vulnerabilities?
>
> Yesterday I added the debian security patch (90_security.patch from
> 	http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
> ) to the FreeBSD qemu ports (had to modify it slightly), cvsweb location
> of the one for qemu 0.9.0 is here,
> 	http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/patch-90_security
> and the one for the 20070405 cvs snapshot is here,
> 	http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-90_security
> (I haven't checked if it still applies to today's cvs, but it might :)
>
> I also disabled the -vmwarevga acceleration code because of the missing
> range checks, cvsweb of that patch is here,
> 	http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-hw-vmware_vga.c

SB16 patch is wrong - doesn't account for the fact that block_size can be
negative. As for DMA, the way it's done in the patch above is more in line
with what can (probably) be expected of real hardware, but emulators can do
better, basically the two approaches are at the extremes - the above is
way too silent while mine will be way too chatty.

-- 
vale
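
The failure mode raised in the message above, a range check that misses a negative signed length, shown as an added example that is not from the original message, the Debian patch or QEMU. Only the name `block_size` comes from the thread; `DMA_BUF_SIZE`, the buffers and all function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define DMA_BUF_SIZE 4096            /* hypothetical buffer size, not QEMU's */

static unsigned char src_buf[DMA_BUF_SIZE];  /* constructed sample data */
static unsigned char dst_buf[DMA_BUF_SIZE];

/* Incomplete check: only the upper bound is tested, so -1 passes. */
static int check_upper_only(int block_size)
{
    return block_size <= DMA_BUF_SIZE;
}

/* Complete check for a signed length: reject negatives as well. */
static int check_signed(int block_size)
{
    return block_size >= 0 && block_size <= DMA_BUF_SIZE;
}

/* What a negative length turns into once it reaches a size_t parameter. */
static size_t as_copy_length(int block_size)
{
    return (size_t)block_size;
}

/* Copy only after the signed-aware check; -1 tells the caller to log or drop. */
static int copy_block(int block_size)
{
    if (!check_signed(block_size))
        return -1;
    memcpy(dst_buf, src_buf, as_copy_length(block_size));
    return block_size;
}

int main(void)
{
    int samples[] = { 512, DMA_BUF_SIZE, DMA_BUF_SIZE + 1, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("block_size=%6d upper_only=%d signed=%d as_size_t=%zu copy=%d\n",
               n, check_upper_only(n), check_signed(n),
               as_copy_length(n), copy_block(n));
    }
    return 0;
}
```

The `-1` return from `copy_block` gives the caller one place to decide how loudly to report a rejected transfer, which is the silent-versus-chatty trade-off the message describes.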
