[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp
From: |
Jes Sorensen |
Subject: |
[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command |
Date: |
Mon, 13 Dec 2010 09:29:27 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101103 Fedora/1.0-0.33.b2pre.fc14 Lightning/1.0b3pre Thunderbird/3.1.6 |
On 12/10/10 18:09, Michael Roth wrote:
> I think with strictly enforced size limits the major liability for
> viewfile is, as you mentioned, users using it to view binary data or
> carefully crafted files that can mess up or fool users/shells/programs
> interpreting monitor output.
>
> But plain-text does not include escape sequences, so it's completely
> reasonable that we'd scrape them. And I'm not sure if a "(qemu)" in the
> text is a potential liability. Would there be any other issues to consider?
>
> If we can guard against those things, do you agree it wouldn't be an
> inherently dangerous interface? State-full, asynchronous RPCs like
> copyfile and exec are not really something I'd planned for the initial
> release. I think they'll take some time to get right, and a simple
> low-risk interface to cover what I'm fairly sure is the most common use
> case seems reasonable.
I am still wary of relying on strict limit enforcement. It is the sort
of thing that will eventually change without us noticing and we end up
with a security hole.
IMHO QEMU should not try to do these sorts of things, instead it should
provide the transport and control services. I don't think file viewing
belongs in QEMU at all. I would be a lot more comfortable if this was
implemented as a standalone monitor interface that connected to QEMU's
QMP interface. I could then use QMP to perform actions like copying the
file to /tmp and if viewing the file caused the monitor to lock up, we
wouldn't lose the guest. This could indeed be the start of an external
monitor :)
Cheers,
Jes
- Re: [Qemu-devel] Re: [RFC][PATCH v5 09/21] virtagent: add va.getdmesg RPC, (continued)
[Qemu-devel] [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/03
[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Jes Sorensen, 2010/12/07
[Qemu-devel] [RFC][PATCH v5 11/21] virtagent: add va.shutdown RPC, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 06/21] virtagent: base server definitions, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 12/21] virtagent: add agent_shutdown qmp/hmp commands, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 14/21] virtagent: add agent_ping qmp/hmp commands, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 13/21] virtagent: add va.ping RPC, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 17/21] virtagent: add va.hello RPC, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 18/21] virtagent: add "hello" notification function for guest agent, Michael Roth, 2010/12/03
[Qemu-devel] [RFC][PATCH v5 19/21] virtagent: add virtagent guest daemon, Michael Roth, 2010/12/03