On 12/09/10 22:12, Michael Roth wrote:
> On 12/07/2010 08:26 AM, Jes Sorensen wrote:
>> I believe this suffers from the same architectural problem I mentioned
>> in my comment to 07/21 - you don't restrict the file size, so it could
>> blow up the QEMU process on the host trying to view the wrong file.
> 
> It's restricted on the guest side:
> 
> virtagent-server.c:va_getfile():
> 
>     while ((ret = read(fd, buf, VA_FILEBUF_LEN)) > 0) {
>         file_contents = qemu_realloc(file_contents, count + VA_FILEBUF_LEN);
>         memcpy(file_contents + count, buf, ret);
>         count += ret;
>         if (count > VA_GETFILE_MAX) {
>             xmlrpc_faultf(env, "max file size (%d bytes) exceeded",
>                           VA_GETFILE_MAX);
>             goto EXIT_CLOSE_BAD;
>         }
>     }

You cannot rely on the guest controlling this. You really have to treat
any guest as hostile and keep control and security in the host,
otherwise a hacked guest could end up attacking the host by blowing up
the host's QEMU process.

Cheers,
Jes
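
The host-side limit argued for above, as an added example that is not part of the original message or of the virtagent code: the host checks its own cap before growing the buffer, whatever the guest claims to have enforced. `HOST_GETFILE_MAX`, `struct host_buf`, `host_buf_append` and `demo_feed` are hypothetical names, and the chunk stream is constructed input.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical host-side cap; the host picks it, the guest cannot change it. */
#define HOST_GETFILE_MAX ((size_t)1 << 20)

struct host_buf { unsigned char *data; size_t len; };

/* Append one chunk received from the guest. The cap is checked before
 * allocating, so host memory for this transfer never grows past
 * HOST_GETFILE_MAX. Returns 0 on success, -1 if the chunk is rejected. */
int host_buf_append(struct host_buf *b, const void *chunk, size_t n)
{
    unsigned char *p;

    if (n > HOST_GETFILE_MAX - b->len)   /* overflow-safe: len <= cap always */
        return -1;
    if (n == 0)
        return 0;
    p = realloc(b->data, b->len + n);
    if (p == NULL)
        return -1;
    memcpy(p + b->len, chunk, n);
    b->data = p;
    b->len += n;
    return 0;
}

/* Constructed input: a guest streaming `chunks` chunks of `chunk_len` bytes.
 * Returns how many bytes the host ended up holding. */
size_t demo_feed(size_t chunk_len, size_t chunks)
{
    struct host_buf b = { NULL, 0 };
    unsigned char *chunk = calloc(chunk_len ? chunk_len : 1, 1);
    size_t i, held;

    if (chunk == NULL)
        return 0;
    for (i = 0; i < chunks; i++)
        if (host_buf_append(&b, chunk, chunk_len) != 0)
            break;                       /* host aborts the transfer here */
    held = b.len;
    free(b.data);
    free(chunk);
    return held;
}

/* Exit status 0 if an oversized stream was held to exactly the cap. */
int main(void) { return demo_feed(4096, 100000) == HOST_GETFILE_MAX ? 0 : 1; }
```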
