qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Security house-cleaning


From: Tim
Subject: Re: [Qemu-devel] [PATCH] Security house-cleaning
Date: Thu, 17 Jun 2004 09:37:40 -0700
User-agent: Mutt/1.5.5.1+cvs20040105i

> One of the main pros of Qemu (among the others) it that it has been
> designed NOT to run SUID.
> The only piece of code that need root access is tuntap networking.
> This problem can be circunvented by:
> - using sudo for tuntap
> - using user net (a.k.a slirp)
> - using vde.

Other future considerations: 
- PCI Proxy support (if it is ever offically supported)
    How will the host OS allow access by QEMU guest in this case?
- Other bus (USB, firewire, etc) direct access to real hardware


Not trying to be alarmist.  Just being conservative with code
quality/security.

tim




reply via email to

[Prev in Thread] Current Thread [Next in Thread]