On Fri, Nov 30, 2012 at 03:35:46PM +0100, Paolo Bonzini wrote:
> On 30/11/2012 08:10, Mike Lovell wrote:
> > On 10/12/2012 12:49 AM, Mike Lovell wrote:
> >> This makes a few changes to allow ifname to be specified when using
> >> qemu-bridge-helper with both the bridge and tap network interfaces. It
> >> adds the --ifname option to qemu-bridge-helper, removes the restriction
> >> that ifname cannot be specified with helper for the tap interface, and
> >> adds logic to specify the --ifname option when exec'ing the helper.
> >
> > ping ... or syn. any other thoughts about this?
>
> I share Michael's perplexity. This feature could be exploitable.
>
> If we want to add this, the ifname should be subject to ACL rules just
> like bridge names. For example you could have a special allow/deny
> directive "allow foo@" which allows ifnames starting with "foo".

This is a good idea. The default should be that you are not allowed to
choose arbitrary interface names.

Stefan
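
Added example, not part of the thread and not qemu-bridge-helper code: a C sketch of the check discussed above, where an `allow foo@` directive permits interface names starting with `foo` and any name with no matching rule is refused. The struct, the function names, the `deny foo@` form, first-match ordering and the rejection of an empty prefix are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>

#define IFNAME_MAX 16  /* same value as Linux IFNAMSIZ, including the NUL */

/* Hypothetical rule type for this sketch, not a qemu-bridge-helper struct. */
struct ifname_rule {
    bool allow;
    char prefix[IFNAME_MAX];
};

/* Parse "allow foo@" or "deny foo@"; returns false on anything malformed. */
bool parse_ifname_rule(const char *line, struct ifname_rule *out)
{
    bool allow = strncmp(line, "allow ", 6) == 0;
    const char *arg, *at;
    size_t len;

    if (!allow && strncmp(line, "deny ", 5) != 0)
        return false;
    arg = line + (allow ? 6 : 5);
    at = strchr(arg, '@');
    if (!at || at[1] != '\0')
        return false;           /* '@' must terminate the directive */
    len = (size_t)(at - arg);
    if (len == 0 || len >= IFNAME_MAX)
        return false;           /* an empty prefix would match every name */
    out->allow = allow;
    memcpy(out->prefix, arg, len);
    out->prefix[len] = '\0';
    return true;
}

/* First matching rule decides (an assumption); no match means deny. */
bool ifname_allowed(const struct ifname_rule *rules, size_t n, const char *ifname)
{
    size_t len = strlen(ifname);

    if (len == 0 || len >= IFNAME_MAX)
        return false;           /* the kernel would reject these anyway */
    for (size_t i = 0; i < n; i++) {
        if (strncmp(ifname, rules[i].prefix, strlen(rules[i].prefix)) == 0)
            return rules[i].allow;
    }
    return false;               /* default: arbitrary names are not allowed */
}
```

With the constructed rules `deny foobar@` followed by `allow foo@`, the name `foo0` is accepted while `foobar1` and `tap0` are refused.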