[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU
On Mon, 11 Jun 2012, Ian Jackson wrote:
> Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs
> compilation by default in upstream QEMU"):
> > On Fri, 8 Jun 2012, Ian Jackson wrote:
> > > So what is the default configuration ?
> > The default is on.
> > > Do we have any protection from
> > > possible bugs in the virtfs access control system ?
> > Nothing more and nothing less than QEMU 1.0 stable provides.
> That situation seems like a release-critical bug from our point of
virtfs is not enabled unless you pass specific arguments to QEMU,
which we do not.
Besides saying that an open source technology X is dangerous because it
has been developed by a different community than ours, without giving
any technical reasons for it, is just spreading FUD.
QEMU provides a much wider surface of attack than just virtfs.
What protections do we have from the other QEMU bugs?
Linux PV backend drivers are directly exposed to guest frontend PV
drivers. What protections do we have in Linux?
What protections do we have from other Linux bugs in dom0?
> And this is relevant because we're now using upstream qemu 1.0 by
> default for some guests.
Only in PV guests, for which this discussion is not relevant.
Xen-devel mailing list