[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing opti

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [RFC PATCH-for-4.2] tracing: Allow to tune tracing options via the environment
Date: Tue, 9 Jul 2019 09:58:16 +0200
User-agent: Mutt/1.12.0 (2019-05-25)

On Tue, Jul 09, 2019 at 07:53:15AM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé <address@hidden> writes:
> > On Mon, Jul 08, 2019 at 12:27:12PM +0200, Philippe Mathieu-Daudé wrote:
> [...]
> >> Anyway, to stop bikeshedding this thread, can you add few lines about
> >> why not use getenv() in the HACKING?
> >
> > I don't actually think the getenv thing is a security issue in any case.
> > If there was a security problem exploitable via getenv, then the bug would
> > lie in the application invoking QEMU for not ensuring the ENV contents
> > were safe before exec'ing QEMU.
> Correct.
> >                                 Libvirt is paranoid by default and scrubs
> > QEMU's env only keeping a specific sanitized whitelist for exactly these
> > reasons.
> Must have for running programs with different privileges.
> Corrollary: a program that does not use getenv() at all is slightly
> harder to misuse with different privileges.  Irrelevant in practice,
> because libraries use getenv(), starting with ld.so.

I'll reiterate that I'm happy to merge this but would first like to know
if Philippe is satisfied with adding it just to qtest?

Let's just add it to qtest if that is enough.  Otherwise let's bring it
into QEMU proper.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]