[Qemu-devel] Re: Re: Killing KQEMU

[Chris Frey]

On Tue, Jun 02, 2009 at 09:47:14PM +0100, Stuart Brady wrote:
> On Tue, Jun 02, 2009 at 04:09:18PM -0400, Chris Frey wrote:
> > I would hope that anyone who deliberately breaks kqemu support would be
> > kind enough to post that fact to the mailing list, with a description of
> > what's broken and why, so that others may step up to the plate and fix it.
> 
> Perhaps so, but unless someone is actually going to fix kqemu or write a
> replacement, I don't see what difference this really makes.

The difference is that people that use kqemu would know the very latest
commit that supports kqemu before it was broken deliberately.  I'm assuming
I'm not the only one who compiles the latest git every so often and
hopes it works with kqemu.


> More like "impossible because it *should* never happen".  kqemu is not
> known to be secure.

Did you mean "kqemu is known to not be secure" or is this just FUD?

The KQEMU technical documentation on the QEMU website specifically
stresses that no VM code is run at kernel level, so someone was thinking
about security when it was written.

Running something like the single-module KQEMU is a lot safer than running
the VMWare binary blobs, in my opinion, unless there are known security
holes in it that have not been fixed.  In which case, I'm quite interested
to know, as it might affect my cheerleading for it. :-)

- Chris