qemu-devel

Re: [Qemu-devel] [PATCH RFC] tcmu: Introduce qemu-tcmu


From: Andy Grover
Subject: Re: [Qemu-devel] [PATCH RFC] tcmu: Introduce qemu-tcmu
Date: Thu, 20 Oct 2016 10:21:53 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0

On 10/20/2016 07:30 AM, Fam Zheng wrote:
> On Thu, 10/20 15:08, Stefan Hajnoczi wrote:
>> If a corrupt image is able to execute arbitrary code in the qemu-tcmu
>> process, does /dev/uio0 or the tcmu shared memory interface allow getting
>> root or kernel privileges?
>
> I haven't audited the code, but target_core_user.ko should contain the access to
> /dev/uioX and make sure there is no security risk regarding buggy or malicious
> handlers. Otherwise it's a bug that should be fixed. Andy can correct me if I'm
> wrong.

Yes... well, TCMU ensures that a bad handler can't scribble to kernel memory outside the shared memory area.

UIO devices are basically a "device drivers in userspace" kind of API so they require root to use. I seem to remember somebody mentioning ways this might work for less-privileged handlers (fd-passing??) but no way to do this exists just yet.

Regards -- Andy
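The kernel side of the boundary discussed above (target_core_user.ko keeping a bad handler inside the shared memory area) has a user-space counterpart: a handler that mmaps the ring from /dev/uioX must itself treat every offset and length it reads out of that mapping as untrusted before dereferencing it, or a malformed entry turns into an out-of-bounds read or write inside the handler. The C below is an added example, not code from qemu-tcmu, the TCMU kernel driver or this thread. The `ring_mailbox` and `ring_iovec` structs, the field names and the error codes are simplified assumptions for illustration and are not the kernel's ABI; only the checking logic (overflow-safe range arithmetic, index bounds, and rejecting data offsets that point back into the mailbox or command ring) is the point.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for a TCMU-style mailbox and data descriptor.
 * Names and layout are assumptions for this example, not the kernel ABI. */
struct ring_mailbox {
    uint32_t cmdr_off;   /* offset of the command ring inside the mapping */
    uint32_t cmdr_size;  /* size of the command ring in bytes */
    uint32_t cmd_head;   /* producer index, relative to cmdr_off */
    uint32_t cmd_tail;   /* consumer index, relative to cmdr_off */
};

struct ring_iovec {
    uint64_t off;        /* data offset inside the mapping (not a pointer) */
    uint64_t len;
};

enum ring_status {
    RING_OK = 0,
    RING_BAD_MAILBOX,    /* ring does not fit in the mapping / overlaps header */
    RING_BAD_INDEX,      /* head or tail outside the ring */
    RING_IOV_OUT_OF_MAP, /* data range leaves the mapping (or overflows) */
    RING_IOV_IN_RING     /* data range aliases the mailbox or command ring */
};

/* True if [off, off+len) lies inside [0, map_len). Written so that
 * off + len is never computed, so a huge off or len cannot wrap. */
static bool range_in_map(uint64_t off, uint64_t len, uint64_t map_len)
{
    return off <= map_len && len <= map_len - off;
}

/* True if the two half-open ranges intersect. Both must already have
 * passed range_in_map, so the additions below cannot overflow. */
static bool ranges_overlap(uint64_t a_off, uint64_t a_len,
                           uint64_t b_off, uint64_t b_len)
{
    if (a_len == 0 || b_len == 0)
        return false;
    return a_off < b_off + b_len && b_off < a_off + a_len;
}

enum ring_status validate_mailbox(const struct ring_mailbox *shared, uint64_t map_len)
{
    /* Snapshot the shared fields once: check and use the same values, so a
     * writer on the other side of the mapping cannot change them in between. */
    struct ring_mailbox mb = *shared;

    if (mb.cmdr_size == 0 || !range_in_map(mb.cmdr_off, mb.cmdr_size, map_len))
        return RING_BAD_MAILBOX;
    if (mb.cmdr_off < sizeof(mb))          /* ring would overlap the header */
        return RING_BAD_MAILBOX;
    if (mb.cmd_head >= mb.cmdr_size || mb.cmd_tail >= mb.cmdr_size)
        return RING_BAD_INDEX;
    return RING_OK;
}

/* Validate every data descriptor of one command against the mapping. */
enum ring_status validate_iovecs(const struct ring_mailbox *shared, uint64_t map_len,
                                 const struct ring_iovec *iov, size_t iov_cnt)
{
    enum ring_status st = validate_mailbox(shared, map_len);
    if (st != RING_OK)
        return st;

    /* Everything from the start of the mapping to the end of the command
     * ring is control data; payload must live strictly after it. */
    uint64_t ctrl_len = (uint64_t)shared->cmdr_off + shared->cmdr_size;

    for (size_t i = 0; i < iov_cnt; i++) {
        uint64_t off = iov[i].off, len = iov[i].len;   /* read once */
        if (!range_in_map(off, len, map_len))
            return RING_IOV_OUT_OF_MAP;
        if (ranges_overlap(off, len, 0, ctrl_len))
            return RING_IOV_IN_RING;
    }
    return RING_OK;
}

int main(void)
{
    /* Constructed sample: 1 MiB mapping, 4 KiB of header + ring at the front. */
    const uint64_t map_len = 1u << 20;
    struct ring_mailbox mb = { 64, 4096 - 64, 0, 0 };
    struct ring_iovec good = { 4096, 512 };
    struct ring_iovec past_end = { map_len - 4, 8 };
    struct ring_iovec wraps = { UINT64_MAX, 16 };
    struct ring_iovec into_ring = { 100, 16 };

    printf("good      -> %d\n", validate_iovecs(&mb, map_len, &good, 1));
    printf("past_end  -> %d\n", validate_iovecs(&mb, map_len, &past_end, 1));
    printf("wraps     -> %d\n", validate_iovecs(&mb, map_len, &wraps, 1));
    printf("into_ring -> %d\n", validate_iovecs(&mb, map_len, &into_ring, 1));
    return 0;
}
```

A handler that passes these checks still only protects its own address space; as Andy notes, confinement of the handler with respect to kernel memory is the driver's job, and opening /dev/uioX itself still needs root.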



