undefined | Better HN

0 pointsbonzini2y ago0 comments

While QEMU uses C, which is not great, it has on its side 15+ years of hardening by the KVM developers. The problem with QEMU is not so much insecurity, it's that it contains the kitchen sink.

However, most of the exploits you'll find in QEMU are against configurations that are never used in real world virtualization scenarios where guests are untrusted. You can recognize them because hardware not commonly used with untrusted guests does not get a CVE.

For a while, slirp was the remaining major issue because it was used way beyond the original intention. But now it's been tamed and there's also passt, a much higher performance and much more secure implementation of user-mode networking.

0 comments

ungamedplayer2y ago

> You can recognize them because hardware not commonly used with untrusted guests does not get a CVE.

This is not true. Even non default configuration of any software or hardware that contains a security vulnerability can get a CVE. It has in the past and will again in the future.

Source: I have assigned over 2000 cves for the kernel.

bonziniOP2y ago

Yes, and the policy of QEMU is to not assign CVEs for bugs that would generally be hit only when QEMU is used as a development platform, as opposed to using it to offer virtualization services.

https://www.qemu.org/contribute/security-process/

We are colleagues by the way. :)

worthless-trash2y ago

> We are colleagues by the way. :)

I'm aware, I see you comment here regularly.

QEMU doesn't have to assign CVE's but any other CNA can. I do not believe that its good security or even good practice to negotiate out of exploitable flaws. Its a dis-service to users.

I don't have enough skin in the game to change upstream QEMU's mind on this, systems in exploitable configurations are just as exploitable with or without a CVE assigned. People with exploitable configurations now just can't find out there is a problem.

1 more reply

csdvrx2y ago

> But now it's been tamed and there's also passt, a much higher performance and much more secure implementation of user-mode networking

In case anyone else needs a link: http://blog.vmsplice.net/2021/10/a-new-approach-to-usermode-...

j / k navigate · click thread line to collapse