Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5

[Alexander Graf]

On 30.08.2009, at 02:14, Anthony Liguori wrote:

> Carl-Daniel Hailfinger wrote:
>> The guest can also mess up other devices with the help of specially
>> crafted firmware. So even if the user does not care about the effects on
>> a particular device, a firmware upgrade might affect other devices
>> (which are not used by Qemu in any way) as well.
> 
> Please be more specific.  How is this any different than PCI passthrough with 
> VT-d or USB passthrough?
> 
>> As a result, this is
>> essentially a "break out of qemu or DoS the machine under certain
>> conditions" feature. If that particular side effect / feature is
>> documented, users who read the documentation won't get any nasty surprises.
>>  
> 
> A user will get a really nasty surprise if they think they can use a flag or 
> rely on QEMU to prevent a VM from doing something nasty with a device.  If 
> they have this feeling of security, they're likely to chmod the device to 
> allow unprivileged users to access it.
> 
> But how a device handles ATAPI commands is totally up to the device.  If you 
> issue the wrong sequence, I'm sure there are devices out there that totally 
> hose themselves.  Are you absolutely confident that every ATAPI device out 
> there is completely safe against hostile code provided that you simply 
> prevent the FW update commands?  I'm certainly not.

Ping?


Alex