8:09 a.m.
This also changes the name of the "vmchannel" buffer to just "buf",
reflecting the fact that it's just used as a temporary buffer, and
that the word vmchannel is overloaded.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
9:28 a.m.
Richard W.M. Jones wrote:
This also changes the name of the "vmchannel" buffer to
just "buf",
reflecting the fact that it's just used as a temporary buffer, and
that the word vmchannel is overloaded.
...
Looks good.
-//#define GUESTFWD_ADDR "10.0.2.4"
+#define GUESTFWD_ADDR "10.0.2.4"
/* GuestFS handle and connection. */
enum state { CONFIG, LAUNCHING, READY, BUSY, NO_HANDLE };
@@ -983,7 +983,7 @@ guestfs__launch (guestfs_h *g)
}
if (r == 0) { /* Child (qemu). */
- char vmchannel[256];
+ char buf[256];
Is 256 guaranteed to be enough? I.e., who controls "unixsock"?
If not, failing snprintf will leave you with a truncated command string.
...
+ snprintf (buf, sizeof buf,
+ "socket,id=guestfsvmc,path=%s,server,nowait", unixsock);
+
+ add_cmdline (g, "-chardev");
+ add_cmdline (g, buf);
+
+ snprintf (buf, sizeof buf,
+ "user,vlan=0,net=10.0.2.0/8,"
+ "guestfwd=tcp:%s:%d-chardev:guestfsvmc",
+ GUESTFWD_ADDR, GUESTFWD_PORT);
...
add_cmdline (g, "user,vlan=0,net=10.0.2.0/8");
Note the two hard-coded net strings, "10.0.2.0/8".
It'd be nice to factor those out.
They could even be derived from the value of GUESTFWD_ADDR.
9:39 a.m.
On Fri, Sep 18, 2009 at 04:28:58PM +0200, Jim Meyering wrote:
Richard W.M. Jones wrote:
> This also changes the name of the "vmchannel" buffer to just
"buf",
> reflecting the fact that it's just used as a temporary buffer, and
> that the word vmchannel is overloaded.
...
Looks good.
> -//#define GUESTFWD_ADDR "10.0.2.4"
> +#define GUESTFWD_ADDR "10.0.2.4"
>
> /* GuestFS handle and connection. */
> enum state { CONFIG, LAUNCHING, READY, BUSY, NO_HANDLE };
> @@ -983,7 +983,7 @@ guestfs__launch (guestfs_h *g)
> }
>
> if (r == 0) { /* Child (qemu). */
> - char vmchannel[256];
> + char buf[256];
Is 256 guaranteed to be enough? I.e., who controls "unixsock"?
If not, failing snprintf will leave you with a truncated command string.
If $TMPDIR is set, then it would be possible to create a unixsock
string which is arbitrarily long. It's not a security issue, but it
would result in a truncated string. Of course TMPDIR would have to be
unreasonably long.
...
> + snprintf (buf, sizeof buf,
> + "socket,id=guestfsvmc,path=%s,server,nowait", unixsock);
> +
> + add_cmdline (g, "-chardev");
> + add_cmdline (g, buf);
> +
> + snprintf (buf, sizeof buf,
> + "user,vlan=0,net=10.0.2.0/8,"
> + "guestfwd=tcp:%s:%d-chardev:guestfsvmc",
> + GUESTFWD_ADDR, GUESTFWD_PORT);
...
> add_cmdline (g, "user,vlan=0,net=10.0.2.0/8");
Note the two hard-coded net strings, "10.0.2.0/8".
It'd be nice to factor those out.
They could even be derived from the value of GUESTFWD_ADDR.
Yes we could factor these out. If we removed them entirely, qemu
would default to 10.0.2.0/8, but I don't trust the qemu developers not
to change things randomly in future.
I'm still trying to work out if we can remove the need for vmchannel
entirely. So far I have an implementation which could work, but it
has an enormous, glaring security hole in the middle ...
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
5544
days inactive
5544
days old
2 comments
2 participants
participants (2)
-
Jim Meyering -
Richard W.M. Jones