Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a pri

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a pri

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface
Date:	Wed, 3 Jul 2019 09:41:07 -0500
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

On 7/3/19 8:54 AM, Daniel P. Berrangé wrote:
> A supposed exploit of QEMU was recently announced as CVE-2019-12928
> claiming that the monitor console was insecure because the "migrate"
> comand enabled arbitrary command execution for a remote attacker.

command

> 
> For this to be a flaw the user launching QEMU must have configured
> the monitor in a way that allows for other userrs to access it. The

users

> exploit report quoted use of the "tcp" character device backend for
> QMP.
> -- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Daniel P . Berrangé, 2019/07/03
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Philippe Mathieu-Daudé, 2019/07/03
  - Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Daniel P . Berrangé, 2019/07/03
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Eric Blake <=
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, no-reply, 2019/07/03
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Alex Bennée, 2019/07/03
  - Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Daniel P . Berrangé, 2019/07/04
    - Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Alex Bennée, 2019/07/04
    - Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Daniel P . Berrangé, 2019/07/04
    - Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Alex Bennée, 2019/07/04
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, no-reply, 2019/07/03
- Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface, Markus Armbruster, 2019/07/05

Prev by Date: Re: [Qemu-devel] [PATCH v1 3/3] qcow2: add zstd cluster compression
Next by Date: Re: [Qemu-devel] [PULL 0/3] Trivial branch patches
Previous by thread: Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface
Next by thread: Re: [Qemu-devel] [PATCH] doc: document that the monitor console is a privileged control interface
Index(es):
- Date
- Thread