Hi:
Sorry to bother you~
I have read the discussions about CVE--2019-12928 (
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg01153.html).
But, for the scenario of PC users, which is no requirement of network access to
QMP, there are some mitigating proposes.
1. Modify the compilation options to disable QMP.
2. Modify command line parsing function to discard the QMP parameters with
network configurations.
3. PC manager or other manage software make sure only the trusted user can use
QMP.
4. Other ideas?
I want to have your suggestions.
Thanks,
Best regards.
