[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Security house-cleaning
From: |
Tim |
Subject: |
Re: [Qemu-devel] [PATCH] Security house-cleaning |
Date: |
Thu, 17 Jun 2004 09:37:40 -0700 |
User-agent: |
Mutt/1.5.5.1+cvs20040105i |
> One of the main pros of Qemu (among the others) it that it has been
> designed NOT to run SUID.
> The only piece of code that need root access is tuntap networking.
> This problem can be circunvented by:
> - using sudo for tuntap
> - using user net (a.k.a slirp)
> - using vde.
Other future considerations:
- PCI Proxy support (if it is ever offically supported)
How will the host OS allow access by QEMU guest in this case?
- Other bus (USB, firewire, etc) direct access to real hardware
Not trying to be alarmist. Just being conservative with code
quality/security.
tim
- [Qemu-devel] [PATCH] Security house-cleaning, Tim, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Gianni Tedesco, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Renzo Davoli, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Panagiotis Issaris, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Sebastien Bechet, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning,
Tim <=
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Sander Nagtegaal, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Gianni Tedesco, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Renzo Davoli, 2004/06/17
- Re: [Qemu-devel] [PATCH] Security house-cleaning, Tim, 2004/06/17