| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-03-06 | qemu-doc: move included files to docs/system | Paolo Bonzini | |
| Since qemu-doc.texi is mostly including files from docs/system, move the existing include files there for consistency. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200228153619.9906-12-peter.maydell@linaro.org Message-id: 20200226113034.6741-12-pbonzini@redhat.com [PMM: update MAINTAINERS line for qemu-option-trace.texi] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | |||
| 2019-07-19 | doc: document that the monitor console is a privileged control interface | Daniel P. Berrangé | |
| A supposed exploit of QEMU was recently announced as CVE-2019-12928 claiming that the monitor console was insecure because the "migrate" command enabled arbitrary command execution for a remote attacker. To be a security risk the user launching QEMU must have configured the monitor in a way that allows for other users to access it. The exploit report quoted use of the "tcp" character device backend for QMP. This would indeed allow any network user to connect to QEMU and execute arbitrary commands, however, this is not a flaw in QEMU. It is the normal expected behaviour of the monitor console and the commands it supports. Given a monitor connection, there are many ways to access host file system content besides the migrate command. The reality is that the monitor console (whether QMP or HMP) is considered a privileged interface to QEMU and as such must only be made available to trusted users. IOW, making it available with no authentication over TCP is simply a, very serious, user configuration error not a security flaw in QEMU itself. The one thing this bogus security report highlights though is that we have not clearly documented the security implications around the use of the monitor. Add a few paragraphs of text to the security docs explaining why the monitor is a privileged interface and making a recommendation to only use the UNIX socket character device backend. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> | |||
| 2019-05-10 | docs: add Security chapter to the documentation | Stefan Hajnoczi | |
| This new chapter in the QEMU documentation covers the security requirements that QEMU is designed to meet and principles for securely deploying QEMU. It is just a starting point that can be extended in the future with more information. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Message-id: 20190509121820.16294-3-stefanha@redhat.com Message-Id: <20190509121820.16294-3-stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> | |||
 |
index : slackcoder/qemu | |
| QEMU is a generic and open source machine & userspace emulator and virtualizer | Mirror |
| aboutsummaryrefslogtreecommitdiff |