Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5
From: Alexander Graf
Subject: Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5
Date: Tue, 19 Oct 2010 01:29:56 +0200

On 30.08.2009, at 02:14, Anthony Liguori wrote:
> Carl-Daniel Hailfinger wrote:
>> The guest can also mess up other devices with the help of specially
>> crafted firmware. So even if the user does not care about the effects on
>> a particular device, a firmware upgrade might affect other devices
>> (which are not used by Qemu in any way) as well.
>
> Please be more specific. How is this any different than PCI passthrough with
> VT-d or USB passthrough?
>
>> As a result, this is
>> essentially a "break out of qemu or DoS the machine under certain
>> conditions" feature. If that particular side effect / feature is
>> documented, users who read the documentation won't get any nasty surprises.
>>
>
> A user will get a really nasty surprise if they think they can use a flag or
> rely on QEMU to prevent a VM from doing something nasty with a device. If
> they have this feeling of security, they're likely to chmod the device to
> allow unprivileged users to access it.
>
> But how a device handles ATAPI commands is totally up to the device. If you
> issue the wrong sequence, I'm sure there are devices out there that totally
> hose themselves. Are you absolutely confident that every ATAPI device out
> there is completely safe against hostile code provided that you simply
> prevent the FW update commands? I'm certainly not.
Ping?
Alex