Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Daniel P. Berrangé
On Thu, Jul 16, 2020 at 02:22:14PM +0200, Christian Schoenebeck wrote: > On Donnerstag, 16. Juli 2020 12:01:57 CEST Daniel P. Berrangé wrote: > > > My concern here is that just distinguishing between either 'low' or 'high' > > > is a far too rough classification. > > > > > > In our preceding commu

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Christian Schoenebeck
On Donnerstag, 16. Juli 2020 12:01:57 CEST Daniel P. Berrangé wrote: > > My concern here is that just distinguishing between either 'low' or 'high' > > is a far too rough classification. > > > > In our preceding communication regarding 9pfs, I made clear that a) we do > > care about security relev

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Markus Armbruster
Daniel P. Berrangé writes: [...] > NB, the build time classification won't be perfect, but that's largely > because we don't have sufficient granularity in what we build. For > example, although we only care about QMP, IIUC, we can't turn off HMP > at build time. It could be made compile-time op

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Daniel P. Berrangé
On Thu, Jul 16, 2020 at 11:45:50AM +0200, Christian Schoenebeck wrote: > On Donnerstag, 16. Juli 2020 11:21:55 CEST P J P wrote: > > +-- On Thu, 16 Jul 2020, Daniel P. Berrangé wrote --+ > > > > | > Failing to start (with a message that explains why) if one of the > > | > command > > | > line opt

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Daniel P. Berrangé
On Thu, Jul 16, 2020 at 03:14:51PM +0530, P J P wrote: > +-- On Thu, 16 Jul 2020, Dr. David Alan Gilbert wrote --+ > | > + C: CVE/Security/Trust Quotient > | > +H:High - Feature (or code) is meant to be safe and used by untrusted > | > + guests. So any potential security issue must

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Christian Schoenebeck
On Donnerstag, 16. Juli 2020 11:21:55 CEST P J P wrote: > +-- On Thu, 16 Jul 2020, Daniel P. Berrangé wrote --+ > > | > Failing to start (with a message that explains why) if one of the > | > command > | > line options is not covered by a specified security policy is not > | > unreasonable (after

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread P J P
+-- On Thu, 16 Jul 2020, Dr. David Alan Gilbert wrote --+ | > + C: CVE/Security/Trust Quotient | > + H:High - Feature (or code) is meant to be safe and used by untrusted | > + guests. So any potential security issue must be processed with | > + due care and be co

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Daniel P. Berrangé
On Thu, Jul 16, 2020 at 02:51:55PM +0530, P J P wrote: > +-- On Thu, 16 Jul 2020, Daniel P. Berrangé wrote --+ > | > Failing to start (with a message that explains why) if one of the command > | > line options is not covered by a specified security policy is not > | > unreasonable (after all, we

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread P J P
+-- On Thu, 16 Jul 2020, Daniel P. Berrangé wrote --+ | > Failing to start (with a message that explains why) if one of the command | > line options is not covered by a specified security policy is not | > unreasonable (after all, we fail to start for other cases of incompatible | > command lin

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Dr. David Alan Gilbert
* P J P (ppan...@redhat.com) wrote: > From: Prasad J Pandit > > QEMU supports numerous virtualisation and emulation use cases. > It also offers many features to support guest's function(s). > > All of these use cases and features are not always security relevant. > Because some may be used in tru

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-16 Thread Daniel P. Berrangé
On Thu, Jul 16, 2020 at 08:55:43AM +0200, Cornelia Huck wrote: > On Tue, 14 Jul 2020 18:40:11 +0530 (IST) > P J P wrote: > > > > > * QEMU would abort(3), if a user attempts to start QEMU with insecure > > options > >like say -virtfs OR -fda fat:floopy OR -netdev user OR -device tulip ?

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-15 Thread Cornelia Huck
On Tue, 14 Jul 2020 18:40:11 +0530 (IST) P J P wrote: > * QEMU would abort(3), if a user attempts to start QEMU with insecure > options >like say -virtfs OR -fda fat:floopy OR -netdev user OR -device tulip ? > > * One way could be to abort(3) at options parsing stage, if 'security' f

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Christian Schoenebeck
On Dienstag, 14. Juli 2020 15:56:24 CEST Thomas Huth wrote: > >> The challenge I see is that wiring up a runtime flag into every relevant > >> part of the QEMU codebase is a pretty large amount of work. Every > >> device, > >> every machine type, every backend type, every generic subsystem will al

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Daniel P. Berrangé
On Tue, Jul 14, 2020 at 03:48:56PM +0200, Kevin Wolf wrote: > Am 14.07.2020 um 15:30 hat Daniel P. Berrangé geschrieben: > > On Tue, Jul 14, 2020 at 07:02:59AM -0400, Michael S. Tsirkin wrote: > > > On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: > > > > On Tue, 14 Jul 2020 at 11:

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Thomas Huth
On 14/07/2020 15.48, Kevin Wolf wrote: > Am 14.07.2020 um 15:30 hat Daniel P. Berrangé geschrieben: >> On Tue, Jul 14, 2020 at 07:02:59AM -0400, Michael S. Tsirkin wrote: >>> On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wro

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Kevin Wolf
Am 14.07.2020 um 15:30 hat Daniel P. Berrangé geschrieben: > On Tue, Jul 14, 2020 at 07:02:59AM -0400, Michael S. Tsirkin wrote: > > On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: > > > On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wrote: > > > > And for people who want to buil

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Daniel P. Berrangé
On Tue, Jul 14, 2020 at 07:02:59AM -0400, Michael S. Tsirkin wrote: > On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: > > On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wrote: > > > And for people who want to build QEMU with lots of functionality (like > > > Fedora does), I think

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread P J P
Hello all, Thank you so much for the comments and inputs, I appreciate it. +-- On Tue, 14 Jul 2020, Michael S. Tsirkin wrote --+ | On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: | > On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wrote: | > > And for people who want to build Q

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Cornelia Huck
On Tue, 14 Jul 2020 14:06:31 +0530 P J P wrote: > From: Prasad J Pandit > > QEMU supports numerous virtualisation and emulation use cases. > It also offers many features to support guest's function(s). > > All of these use cases and features are not always security relevant. > Because some may

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Michael S. Tsirkin
On Tue, Jul 14, 2020 at 11:22:28AM +0100, Peter Maydell wrote: > On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wrote: > > And for people who want to build QEMU with lots of functionality (like > > Fedora does), I think a -security flag would be a useful addition. > > We can then tell security r

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Peter Maydell
On Tue, 14 Jul 2020 at 11:12, Michael S. Tsirkin wrote: > And for people who want to build QEMU with lots of functionality (like > Fedora does), I think a -security flag would be a useful addition. > We can then tell security researchers "only a high security issue > if it reproduces with -securit

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Philippe Mathieu-Daudé
Hi Prasad, On 7/14/20 10:36 AM, P J P wrote: > From: Prasad J Pandit > > QEMU supports numerous virtualisation and emulation use cases. > It also offers many features to support guest's function(s). > > All of these use cases and features are not always security relevant. > Because some may be u

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Michael S. Tsirkin
On Tue, Jul 14, 2020 at 10:52:33AM +0100, Daniel P. Berrangé wrote: > On Tue, Jul 14, 2020 at 10:42:55AM +0100, Peter Maydell wrote: > > On Tue, 14 Jul 2020 at 09:40, P J P wrote: > > > > > > From: Prasad J Pandit > > > > > > QEMU supports numerous virtualisation and emulation use cases. > > > I

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Daniel P. Berrangé
On Tue, Jul 14, 2020 at 10:42:55AM +0100, Peter Maydell wrote: > On Tue, 14 Jul 2020 at 09:40, P J P wrote: > > > > From: Prasad J Pandit > > > > QEMU supports numerous virtualisation and emulation use cases. > > It also offers many features to support guest's function(s). > > > > All of these us

Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread Peter Maydell
On Tue, 14 Jul 2020 at 09:40, P J P wrote: > > From: Prasad J Pandit > > QEMU supports numerous virtualisation and emulation use cases. > It also offers many features to support guest's function(s). > > All of these use cases and features are not always security relevant. > Because some may be use

[PATCH 1/1] MAINTAINERS: introduce cve or security quotient field

2020-07-14 Thread P J P
From: Prasad J Pandit QEMU supports numerous virtualisation and emulation use cases. It also offers many features to support guest's function(s). All of these use cases and features are not always security relevant. Because some may be used in trusted environments only. Some may still be in exper