qemu-devel
Re: [Qemu-devel] QEMU Various Vulnerabilities


From: malc
Subject: Re: [Qemu-devel] QEMU Various Vulnerabilities
Date: Fri, 4 May 2007 01:13:19 +0400 (MSD)

On Thu, 3 May 2007, Juergen Lock wrote:

In article <address@hidden> Kirill A. Shutemov wrote:
On [Wed, 02.05.2007 18:21], malc wrote:
On Wed, 2 May 2007, Kirill A. Shutemov wrote:
http://secunia.com/advisories/25073/

Any comments ?
AAM - http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
SB16/DMA - in attachment

Thanks. Other Vulnerabilities?

Yesterday I added the debian security patch (90_security.patch from
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
) to the FreeBSD qemu ports (had to modify it slightly), cvsweb location
of the one for qemu 0.9.0 is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/patch-90_security
and the one for the 20070405 cvs snapshot is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-90_security
(I haven't checked if it still applies to today's cvs, but it might :)

I also disabled the -vmwarevga acceleration code because of the missing
range checks, cvsweb of that patch is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-hw-vmware_vga.c

SB16 patch is wrong - doesn't account for the fact that block_size can be
negative. As for DMA, the way it's done in the patch above is more in line
with what can (probably) be expected of real hardware, but emulators can do
better, basically the two approaches are at the extremes - the above is
way too silent while mine will be way too chatty.

--
vale
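
The point about a negative block_size, as an added example that is not part of the original message and is not the SB16 patch or any QEMU code: a signed length checked only against an upper bound accepts negative values, which become huge once converted to size_t for a copy. BUF_SIZE and all function names are hypothetical, and the sample lengths are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4096 /* hypothetical device buffer size, not from QEMU */

/* Upper-bound-only check: every negative int is <= BUF_SIZE, so it passes. */
static bool len_ok_upper_only(int block_size)
{
    return block_size <= BUF_SIZE;
}

/* Full range check: reject negative values as well as oversized ones. */
static bool len_ok_ranged(int block_size)
{
    return block_size >= 0 && block_size <= BUF_SIZE;
}

/* The length a copy routine would actually see after int -> size_t. */
static size_t as_copy_len(int block_size)
{
    return (size_t)block_size;
}

/* Copy only after the full range check; returns bytes copied or -1. */
static int guarded_copy(unsigned char *dst, const unsigned char *src,
                        int block_size)
{
    if (!len_ok_ranged(block_size))
        return -1;
    memcpy(dst, src, (size_t)block_size);
    return block_size;
}

int main(void)
{
    static unsigned char src[BUF_SIZE], dst[BUF_SIZE];
    int samples[] = { 512, BUF_SIZE, BUF_SIZE + 1, -1 }; /* constructed */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("%6d: upper-only=%d ranged=%d copy_len=%zu copied=%d\n",
               n, len_ok_upper_only(n), len_ok_ranged(n),
               as_copy_len(n), guarded_copy(dst, src, n));
    }
    return 0;
}
```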



