On 6/27/07, Gregory Haskins <[EMAIL PROTECTED]> wrote:
> On Wed, 2007-06-27 at 13:33 +0900, Jun Koi wrote:
> > On 6/27/07, Gregory Haskins <[EMAIL PROTECTED]> wrote:
> > > On Wed, 2007-06-27 at 12:51 +0900, Jun Koi wrote:
> > > > BTW, I think that turning on debugger from qemu is a dangerous action,
> > > > from a security point of view. Once the gdbserver is started, anybody
> > > > can connect to it (with gdb) and modify VM memory in any way he wants
> > > > (like overwrite kernel with malicious code). The problem why this is
> > > > feasible is because there is no authentication mechanism on gdbserver
> > > > at all.
> > > >
> > > > Any idea?
> > >
> > > It's probably not a real-world concern since you wouldn't be debugging in
> > > production.  But, if it was a concern to someone you could do things to
> > > qemu to shore this up a little bit.  For instance, bind the gdb-proxy to
> > > the "localhost" address, or alternatively open a gdb transport over a
> > > unix-domain-socket with appropriate perms instead of IP, etc.
> > >
> >
> > I like the domain socket idea, but naturally gdb does not support that
> > kind of communication, but only network and serial line, does it?
>
> Since it's all open-source, it will support anything you code it to do ;)

Sure, but I was just wondering if I can do that without modifying the gdb
client  ;-)

> In a past life, I modified it to work over a proprietary IPC mechanism
> and it worked great.
>
> But on that subject, I bet there are tools out there that might do the
> conversion for you (socat?) without modifying any code.
>

OK, but socat cannot prevent local attacks.

Thanks,
Jun

_______________________________________________
kvm-devel mailing list
kvm-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kvm-devel
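
The "unix-domain-socket with appropriate perms" idea from the thread, as an added example that is not part of the original messages or of qemu/gdb: a plain listener stands in for the debug stub, placed in an owner-only directory and checking the peer's uid before accepting. All function names and the `gdb.sock` path are hypothetical; `SO_PEERCRED` is Linux-specific.

```python
import os
import socket
import stat
import struct
import tempfile

def open_private_listener(name="gdb.sock"):
    """Bind a stream socket in a fresh owner-only directory; return (sock, path)."""
    directory = tempfile.mkdtemp(prefix="gdbstub-")  # mkdtemp creates it mode 0700
    path = os.path.join(directory, name)
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket file is created 0600, no chmod race
    try:
        listener.bind(path)
    finally:
        os.umask(old_umask)
    listener.listen(1)
    return listener, path

def peer_uid(conn):
    """Kernel-reported uid of the connecting process (SO_PEERCRED, Linux only)."""
    size = struct.calcsize("iII")  # struct ucred: pid, uid, gid
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("iII", creds)[1]

def accept_if_owner(listener):
    """Accept one connection and keep it only if the peer runs as our own uid."""
    conn, _ = listener.accept()
    if peer_uid(conn) != os.getuid():
        conn.close()
        return None
    return conn

def demo():
    """Connect to the listener as the owning user and report modes and outcome."""
    listener, path = open_private_listener()
    directory = os.path.dirname(path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        conn = accept_if_owner(listener)
        result = {"dir_mode": stat.S_IMODE(os.stat(directory).st_mode),
                  "socket_mode": stat.S_IMODE(os.stat(path).st_mode),
                  "accepted": conn is not None}
        if conn is not None:
            conn.close()
    listener.close()
    os.unlink(path)
    os.rmdir(directory)
    return result
```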
