qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2

From: Alexandre Bique
Subject: Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2
Date: Tue, 7 Jul 2009 21:21:28 +0000 
Hi Stuart Brady,

On Tue, Jul 7, 2009 at 8:03 PM, Stuart Brady<address@hidden> wrote:
> On Wed, Jul 01, 2009 at 07:31:53PM +0100, Bique Alexandre wrote:
>> I updated my patch according to your previous comments.
>>
>> Changes from my previous version:
>>  - split the big patch in 5 patches.
>>  - not exporting any private structure
>>  - switched to SG_IO and brdv_aio_ioctl()
>>  - not including linux/cdrom.h or linux/bsg.h
>>  - got some stuff like defines and request_sense structure from linux/cdrom.h
>
> Forgive my ignorance, but does ATAPI passthrough have any security
> implications that should be documented?

The patch doesn't introduce any resource allocation so it will be
difficult to bomb qemu with the ATAPI pass through code.
There is one command to update the firmware of the device. This one is blocked.
The security issue is the same as giving the device (+rw) to a user on
the system.

> I expect that running qemu as root counts as a 'bad idea' (I gather
> that commands are filtered when running as a regular user), but even so,
> I wonder if guests should be prevented from performing firmware updates?
Yeps.

> Obviously, the same questions would apply for SCSI passthrough...

Regards,

-- 
Alexandre Bique
reply via email to
[Prev in Thread] Current Thread [Next in Thread]