[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing opti
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment |
|
Date: |
Tue, 9 Jul 2019 09:58:16 +0200 |
|
User-agent: |
Mutt/1.12.0 (2019-05-25) |
On Tue, Jul 09, 2019 at 07:53:15AM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé <address@hidden> writes:
>
> > On Mon, Jul 08, 2019 at 12:27:12PM +0200, Philippe Mathieu-Daudé wrote:
> [...]
> >> Anyway, to stop bikeshedding this thread, can you add few lines about
> >> why not use getenv() in the HACKING?
> >
> > I don't actually think the getenv thing is a security issue in any case.
> > If there was a security problem exploitable via getenv, then the bug would
> > lie in the application invoking QEMU for not ensuring the ENV contents
> > were safe before exec'ing QEMU.
>
> Correct.
>
> > Libvirt is paranoid by default and scrubs
> > QEMU's env only keeping a specific sanitized whitelist for exactly these
> > reasons.
>
> Must have for running programs with different privileges.
>
> Corrollary: a program that does not use getenv() at all is slightly
> harder to misuse with different privileges. Irrelevant in practice,
> because libraries use getenv(), starting with ld.so.
I'll reiterate that I'm happy to merge this but would first like to know
if Philippe is satisfied with adding it just to qtest?
Let's just add it to qtest if that is enough. Otherwise let's bring it
into QEMU proper.
Stefan
signature.asc
Description: PGP signature
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, (continued)
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/04
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Stefan Hajnoczi, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Markus Armbruster, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/05
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Markus Armbruster, 2019/07/06
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Philippe Mathieu-Daudé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Daniel P . Berrangé, 2019/07/08
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, Markus Armbruster, 2019/07/09
- Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment,
Stefan Hajnoczi <=
Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment, no-reply, 2019/07/03