[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp

From:	Jes Sorensen
Subject:	[Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command
Date:	Fri, 10 Dec 2010 07:43:57 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101103 Fedora/1.0-0.33.b2pre.fc14 Lightning/1.0b3pre Thunderbird/3.1.6

On 12/09/10 22:12, Michael Roth wrote:
> On 12/07/2010 08:26 AM, Jes Sorensen wrote:
>> I believe this suffers from the same architectural problem I mentioned
>> in my comment to 07/21 - you don't restrict the file size, so it could
>> blow up the QEMU process on the host trying to view the wrong file.
> 
> It's restricted on the guest side:
> 
> virtagent-server.c:va_getfile():
> 
>     while ((ret = read(fd, buf, VA_FILEBUF_LEN)) > 0) {
>         file_contents = qemu_realloc(file_contents, count +
> VA_FILEBUF_LEN);
>         memcpy(file_contents + count, buf, ret);
>         count += ret;
>         if (count > VA_GETFILE_MAX) {
>             xmlrpc_faultf(env, "max file size (%d bytes) exceeded",
>                           VA_GETFILE_MAX);
>             goto EXIT_CLOSE_BAD;
>         }
>     }

You cannot rely on the guest controlling this. You really have to treat
any guest as hostile and keep control and security in the host,
otherwise a hacked guest could end up attacking the host by blowing up
the host's QEMU process.

Cheers,
Jes

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] Re: [RFC][PATCH v5 09/21] virtagent: add va.getdmesg RPC, (continued)
- [Qemu-devel] [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/03
  - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Adam Litke, 2010/12/06
    - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/06
    - Re: [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/07
  - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Jes Sorensen, 2010/12/07
    - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/09
    - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Jes Sorensen <=
    - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Michael Roth, 2010/12/10
    - [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command, Jes Sorensen, 2010/12/13
- [Qemu-devel] [RFC][PATCH v5 11/21] virtagent: add va.shutdown RPC, Michael Roth, 2010/12/03
- [Qemu-devel] [RFC][PATCH v5 06/21] virtagent: base server definitions, Michael Roth, 2010/12/03
  - [Qemu-devel] Re: [RFC][PATCH v5 06/21] virtagent: base server definitions, Jes Sorensen, 2010/12/07
- [Qemu-devel] [RFC][PATCH v5 12/21] virtagent: add agent_shutdown qmp/hmp commands, Michael Roth, 2010/12/03
- [Qemu-devel] [RFC][PATCH v5 14/21] virtagent: add agent_ping qmp/hmp commands, Michael Roth, 2010/12/03
- [Qemu-devel] [RFC][PATCH v5 13/21] virtagent: add va.ping RPC, Michael Roth, 2010/12/03
- [Qemu-devel] [RFC][PATCH v5 17/21] virtagent: add va.hello RPC, Michael Roth, 2010/12/03
- [Qemu-devel] [RFC][PATCH v5 18/21] virtagent: add "hello" notification function for guest agent, Michael Roth, 2010/12/03

Prev by Date: [Qemu-devel] Re: [RFC][PATCH v5 07/21] virtagent: add va.getfile RPC
Next by Date: Re: [Qemu-devel] Re: [RFC][PATCH v5 09/21] virtagent: add va.getdmesg RPC
Previous by thread: [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command
Next by thread: [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command
Index(es):
- Date
- Thread