[PATCH v4 37/38] docs: Document security implications of debugging
From: Alex Bennée
Subject: [PATCH v4 37/38] docs: Document security implications of debugging
Date: Fri, 30 Jun 2023 19:04:22 +0100
From: Ilya Leoshkevich <iii@linux.ibm.com>
Now that the GDB stub explicitly implements reading host files (note
that it was already possible by changing the emulated code to open and
read those files), concerns may arise that it undermines security.
Document the status quo, which is that the users are already
responsible for securing the GDB connection themselves.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230627160943.2956928-36-alex.bennee@linaro.org>
Message-Id: <20230621203627.1808446-8-iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
docs/system/gdb.rst | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/docs/system/gdb.rst b/docs/system/gdb.rst
index 7d3718deef..9906991b84 100644
--- a/docs/system/gdb.rst
+++ b/docs/system/gdb.rst
@@ -214,3 +214,18 @@ The memory mode can be checked by sending the following
command:
``maintenance packet Qqemu.PhyMemMode:0``
This will change it back to normal memory mode.
+
+Security considerations
+=======================
+
+Connecting to the GDB socket allows running arbitrary code inside the guest;
+in case of the TCG emulation, which is not considered a security boundary, this
+also means running arbitrary code on the host. Additionally, when debugging
+qemu-user, it allows directly downloading any file readable by QEMU from the
+host.
+
+The GDB socket is not protected by authentication, authorization or encryption.
+It is therefore a responsibility of the user to make sure that only authorized
+clients can connect to it, e.g., by using a unix socket with proper
+permissions, or by opening a TCP socket only on interfaces that are not
+reachable by potential attackers.
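Review bot: In the last paragraph of the new "Security considerations" section, the mitigation advice stays abstract: it names "a unix socket with proper permissions" and a TCP socket on interfaces attackers cannot reach, but shows neither, while the text just above gives a literal command (the ``maintenance packet`` line). Consider adding a short example of each setup so readers have a safe configuration to copy. It would also help to state that a TCP listener bound to loopback is still reachable by every local user on a shared host, so the unix socket is the stronger option there. Minor wording: "a responsibility of the user" reads better as "the responsibility of the user".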
--
2.39.2