On 30.08.2009, at 02:14, Anthony Liguori wrote: > Carl-Daniel Hailfinger wrote: >> The guest can also mess up other devices with the help of specially >> crafted firmware. So even if the user does not care about the effects on >> a particular device, a firmware upgrade might affect other devices >> (which are not used by Qemu in any way) as well. > > Please be more specific. How is this any different than PCI passthrough with > VT-d or USB passthrough? > >> As a result, this is >> essentially a "break out of qemu or DoS the machine under certain >> conditions" feature. If that particular side effect / feature is >> documented, users who read the documentation won't get any nasty surprises. >> > > A user will get a really nasty surprise if they think they can use a flag or > rely on QEMU to prevent a VM from doing something nasty with a device. If > they have this feeling of security, they're likely to chmod the device to > allow unprivileged users to access it. > > But how a device handles ATAPI commands is totally up to the device. If you > issue the wrong sequence, I'm sure there are devices out there that totally > hose themselves. Are you absolutely confident that every ATAPI device out > there is completely safe against hostile code provided that you simply > prevent the FW update commands? I'm certainly not.
Ping? Alex
