[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field
From: |
Christian Schoenebeck |
Subject: |
Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field |
Date: |
Tue, 14 Jul 2020 17:04:14 +0200 |
On Dienstag, 14. Juli 2020 15:56:24 CEST Thomas Huth wrote:
> >> The challenge I see is that wiring up a runtime flag into every relevant
> >> part of the QEMU codebase is an pretty large amount of work. Every
> >> device,
> >> every machine type, every backend type, every generic subsystem will all
> >> need checks for this flag. It is possible, but it isn't going to be quick
> >> or easy, especially with poor error reporting support in many areas.
> >
> > Would it make more sense as a configure flag that decides whether or not
> > to compile in potentially problematic devices/backends?
>
> I guess there are users for both. Some people prefer to compile their
> reduced QEMU binary (remember Nemu?), while the users from the normal
> Linux distros might benefit more from a runtime switch, I guess.
>
> I wonder whether it's somehow possible to unify both approaches, so that
> we could mark the secure/insecure objects in the Makefiles already and
> then either don't link them for the Nema-style users, or mark the
> objects via some linker magic (?) as insecure, so we could flag them
> during runtime if a certain parameter has been used...? No clue whether
> that's possible at all, I'm just brainstorming...
Then what about new (i.e. experimental) features? Those would then need to be
moved into separate objects for that, otherwise they would be handled with the
same (high) security level. Moving them to other units complicates patches.
It might make sense being able to mark the security level of a unit, while
also being able to override the security level of individual functions (i.e.
by some magic macro, similar to existing macro 'coroutine_fn').
However despite the details, that concept in general has the limitation of
being a somewhat undeterministic runtime feature; i.e. it might abort
immediately (good) or who knows when (bad). Hence being able to also associate
a security level with runtime parameters would be beneficial to cause the
abortion to happen rather immediately.
Best regards,
Christian Schoenebeck
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, (continued)
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, P J P, 2020/07/14
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Cornelia Huck, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Daniel P . Berrangé, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, P J P, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Daniel P . Berrangé, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Christian Schoenebeck, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Daniel P . Berrangé, 2020/07/16
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Daniel P . Berrangé, 2020/07/14
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Kevin Wolf, 2020/07/14
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Thomas Huth, 2020/07/14
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field,
Christian Schoenebeck <=
- Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Daniel P . Berrangé, 2020/07/14
Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Philippe Mathieu-Daudé, 2020/07/14
Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Cornelia Huck, 2020/07/14
Re: [PATCH 1/1] MAINTAINERS: introduce cve or security quotient field, Dr. David Alan Gilbert, 2020/07/16
Re: [PATCH 0/1] MAINTAINERS: add security quotient field, Michael S. Tsirkin, 2020/07/14