Date: Fri, 4 May 2007 01:13:19 +0400 (MSD)
From: malc
Subject: Re: [Qemu-devel] QEMU Various Vulnerabilities
In-Reply-To: <200705031922.l43JM81x019120@saturn.kn-bremen.de>
References: <20070502125149.GA21232@localhost.localdomain> <200705031922.l43JM81x019120@saturn.kn-bremen.de>
To: qemu-devel@nongnu.org
Cc: k.shutemov@velesys.com
List-Id: qemu-devel.nongnu.org

On Thu, 3 May 2007, Juergen Lock wrote:

> In article <20070503081454.GA17577@localhost.localdomain> Kirill A. Shutemov wrote:
>> On [Wed, 02.05.2007 18:21], malc wrote:
>>> On Wed, 2 May 2007, Kirill A. Shutemov wrote:
>>>
>>>> http://secunia.com/advisories/25073/
>>>>
>>>> Any comments ?
>>>
>>> AAM - http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
>>> SB16/DMA - in attachment
>>
>> Thanks. Other Vulnerabilities?
>
> Yesterday I added the debian security patch (90_security.patch from
> http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
> ) to the FreeBSD qemu ports (had to modify it slightly), cvsweb location
> of the one for qemu 0.9.0 is here,
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/patch-90_security
> and the one for the 20070405 cvs snapshot is here,
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-90_security
> (I haven't checked if it still applies to today's cvs, but it might :)
>
> I also disabled the -vmwarevga acceleration code because of the missing
> range checks, cvsweb of that patch is here,
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-hw-vmware_vga.c

SB16 patch is wrong - doesn't account for the fact that block_size can be
negative.

As for DMA, the way it's done in the patch above is more in line with what
can (probably) be expected of real hardware, but emulators can do better;
basically the two approaches are at the extremes - the above is way too
silent while mine will be way too chatty.

-- 
vale
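As an added illustration of the point malc raises (this is constructed example code, not QEMU's SB16 code nor any of the patches linked above; the buffer, names and sizes are hypothetical), a bound check on a signed block_size that only tests the upper limit lets a negative value through, and once that value is converted to an unsigned length it becomes enormous. The hardened check rejects non-positive values before any conversion.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical destination buffer standing in for a device's
 * transfer buffer; the size is arbitrary. */
#define BUF_LEN 64
static uint8_t buf[BUF_LEN];

/* Flawed check: only the upper bound is tested, so a negative
 * block_size (a signed int here, as in the discussion) passes. */
bool check_block_size_flawed(int block_size)
{
    return block_size <= BUF_LEN;
}

/* Hardened check: reject non-positive values as well as oversized ones,
 * while block_size is still signed and the comparison is meaningful. */
bool check_block_size_fixed(int block_size)
{
    return block_size > 0 && block_size <= BUF_LEN;
}

/* Returns the byte count a subsequent copy would use after the given
 * check, or 0 if the check rejected the request. The cast to size_t is
 * what turns a negative value into a huge length under the flawed check. */
size_t effective_length(int block_size, bool (*check)(int))
{
    if (!check(block_size))
        return 0;
    return (size_t)block_size;
}

/* Copy that only proceeds with a length the hardened check accepted,
 * so the memcpy can never run past buf. Returns bytes copied. */
size_t copy_block(const uint8_t *src, int block_size)
{
    size_t n = effective_length(block_size, check_block_size_fixed);
    if (n == 0)
        return 0;
    memcpy(buf, src, n);
    return n;
}
```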