[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing opti
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment |
|
Date: |
Tue, 09 Jul 2019 07:53:15 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Daniel P. Berrangé <address@hidden> writes:
> On Mon, Jul 08, 2019 at 12:27:12PM +0200, Philippe Mathieu-Daudé wrote:
[...]
>> Anyway, to stop bikeshedding this thread, can you add few lines about
>> why not use getenv() in the HACKING?
>
> I don't actually think the getenv thing is a security issue in any case.
> If there was a security problem exploitable via getenv, then the bug would
> lie in the application invoking QEMU for not ensuring the ENV contents
> were safe before exec'ing QEMU.
Correct.
> Libvirt is paranoid by default and scrubs
> QEMU's env only keeping a specific sanitized whitelist for exactly these
> reasons.
Must have for running programs with different privileges.
Corrollary: a program that does not use getenv() at all is slightly
harder to misuse with different privileges. Irrelevant in practice,
because libraries use getenv(), starting with ld.so.
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, (continued)
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Stefan Hajnoczi, 2019/07/04
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/04
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Stefan Hajnoczi, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Markus Armbruster, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Markus Armbruster, 2019/07/06
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment,
Markus Armbruster <=
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Stefan Hajnoczi, 2019/07/09
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, no-reply, 2019/07/03