On 12/09/10 22:12, Michael Roth wrote:
> On 12/07/2010 08:26 AM, Jes Sorensen wrote:
>> I believe this suffers from the same architectural problem I mentioned
>> in my comment to 07/21 - you don't restrict the file size, so it could
>> blow up the QEMU process on the host trying to view the wrong file.
>
> It's restricted on the guest side:
>
> virtagent-server.c:va_getfile():
>
>     while ((ret = read(fd, buf, VA_FILEBUF_LEN)) > 0) {
>         file_contents = qemu_realloc(file_contents, count +
>                                      VA_FILEBUF_LEN);
>         memcpy(file_contents + count, buf, ret);
>         count += ret;
>         if (count > VA_GETFILE_MAX) {
>             xmlrpc_faultf(env, "max file size (%d bytes) exceeded",
>                           VA_GETFILE_MAX);
>             goto EXIT_CLOSE_BAD;
>         }
>     }

You cannot rely on the guest controlling this. You really have to treat
any guest as hostile and keep control and security in the host, otherwise
a hacked guest could end up attacking the host by blowing up the host's
QEMU process.

Cheers,
Jes
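
The host-side enforcement this reply asks for, as an added example that is not part of the thread or of the virtagent/QEMU code: the receiver applies its own cap before growing the buffer, whatever the guest chooses to send. `host_recv_capped`, `HOST_GETFILE_MAX`, `demo_guest_sends` and the pipe standing in for the guest channel are hypothetical names and constructed input.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define HOST_GETFILE_MAX 4096 /* hypothetical host-side cap, in bytes */
/* Read guest-supplied bytes from fd; the host enforces max. 0 on success, -1 on failure. */
static int host_recv_capped(int fd, size_t max, char **out, size_t *out_len)
{
    char chunk[512], *buf = NULL, *tmp;
    size_t count = 0;
    ssize_t ret;

    while ((ret = read(fd, chunk, sizeof(chunk))) > 0) {
        /* Check before growing, so the host never allocates past max. */
        if ((size_t)ret > max - count)
            break;
        if (!(tmp = realloc(buf, count + (size_t)ret)))
            break;
        buf = tmp;
        memcpy(buf + count, chunk, (size_t)ret);
        count += (size_t)ret;
    }
    if (ret != 0) { /* oversize, allocation failure or read error */
        free(buf);
        return -1;
    }
    *out = buf;
    *out_len = count;
    return 0;
}

/* Constructed harness: the "guest" writes n bytes into a pipe. Returns bytes accepted or -1. */
static long demo_guest_sends(size_t n)
{
    static char data[16384]; /* constructed payload, all zero bytes */
    char *out = NULL;
    size_t len = 0;
    long res = -2; /* -2: harness setup error */
    int p[2];
    if (n > sizeof(data) || pipe(p) != 0)
        return res;
    ssize_t w = write(p[1], data, n);
    close(p[1]); /* EOF for the host-side reader */
    if (w == (ssize_t)n)
        res = host_recv_capped(p[0], HOST_GETFILE_MAX, &out, &len) ? -1 : (long)len;
    close(p[0]);
    free(out);
    return res;
}

int main(void) { return demo_guest_sends(8192) == -1 ? 0 : 1; }
```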