Re: [Qemu-devel] [PATCH v3 09/26] HACK: vhost-user-backend: allow to spe
From: Daniel P. Berrangé
Subject: Re: [Qemu-devel] [PATCH v3 09/26] HACK: vhost-user-backend: allow to specify binary to execute
Date: Tue, 19 Jun 2018 10:07:53 +0100
User-agent: Mutt/1.9.5 (2018-04-13)

On Tue, Jun 19, 2018 at 08:19:03AM +0200, Gerd Hoffmann wrote:
> On Mon, Jun 18, 2018 at 06:17:12PM +0200, Marc-André Lureau wrote:
> > An executable with its arguments may be given as 'cmd' property, ex:
> > -object vhost-user-backend,id=vui,cmd="./vhost-user-input
> > /dev/input..". The executable is then spawned and, by convention, the
> > vhost-user socket is passed as fd=3. It may be considered a security
> > breach to allow creating processes that may execute arbitrary
> > executables, so this may be restricted to some known executables (via
> > signature etc) or directory.
>
> Hmm, maybe let the device which uses vhost-user-backend handle this?
>
> So you use "-device vhost-user-input-pci,device=/dev/input/$dev" and
> vhost-user-input-pci translates that into ...
>
> argv = { "$dir/vhost-user-input", "-device", "/dev/input/$dev", NULL }
>
> ... for vhost-user-backend ?

Or just accept the binary name, but mandate a pre-determined set of
argv, in the same way we do for TAP device ifup scripts.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|