[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] input: limit kbd queue depth
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH] input: limit kbd queue depth |
Date: |
Fri, 28 Apr 2017 09:49:06 +0100 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Fri, Apr 28, 2017 at 10:42:37AM +0200, Gerd Hoffmann wrote:
> Apply a limit to the number of items we accept into the keyboard queue.
Is there a need for similar protection fir mouse input events from VNC ?
> Impact: Without this limit vnc clients can exhaust host memory by
> sending keyboard events faster than qemu feeds them to the guest.
Ability for a remote network client to crash a host by exhausting
memory should be considered a security flaw & have a CVE allocated
for it.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|