QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive

  • wagaf
    replied
    Originally posted by Delgarde View Post

    Possibly, but it's mostly just that it's more complicated... when you boot from a USB drive, it's usually the result of taking an ISO image, copying it to your USB drive, and booting off that. And that would be stupid for a VM, since you can just boot directly off the ISO image on disk by telling the VM it's a CD drive.
    Well, the image could be presented to the guest as USB mass storage.


  • Delgarde
    replied
    Originally posted by wagaf View Post
    I also guess that USB VM drivers are even more bug-prone.
    Possibly, but it's mostly just that it's more complicated... when you boot from a USB drive, it's usually the result of taking an ISO image, copying it to your USB drive, and booting off that. And that would be stupid for a VM, since you can just boot directly off the ISO image on disk by telling the VM it's a CD drive.


  • wagaf
    replied
    Originally posted by Delgarde View Post

    I think you're overlooking the fact that we're talking about VMs here, not physical machines. Nobody is talking about using real CDs here, but mounting an ISO image as a virtual CD drive remains the standard way of installing an OS on a VM.
    Yes,

    I also guess that USB VM drivers are even more bug-prone.


  • Delgarde
    replied
    Originally posted by wagaf View Post
    What's a "cdrom" ?
    I use USB flash drives like everyone...
    I think you're overlooking the fact that we're talking about VMs here, not physical machines. Nobody is talking about using real CDs here, but mounting an ISO image as a virtual CD drive remains the standard way of installing an OS on a VM.


  • nils_
    replied
    Originally posted by nanonyme View Post
    You're in the minority then. CD images are *the* way to install stuff on virtual machines still.

    I usually bootstrap the system directly or just do a PXE boot. But there is no real harm in including this capability; still, a QEMU machine type without legacy cruft would be appreciated.

    And most VMs are likely installed from images (consider how many are run by the largest "cloud" providers alone).
    Last edited by nils_; 27 July 2015, 04:11 PM.


  • nanonyme
    replied
    Originally posted by wagaf View Post

    What's a "cdrom" ?
    I use USB flash drives like everyone...
    You're in the minority then. CD images are *the* way to install stuff on virtual machines still.


  • wagaf
    replied
    Originally posted by Rexilion View Post

    I would not be happy to install Windows on hardware just to use some piece of software to communicate with a device over 'COM/LPT (serial, parallel) ports, FireWire, or any of that'.

    Same goes for floppy (albeit not *that* necessary). And without a cdrom, how are you supposed to install an OS on an empty disk? I have seen very few systems distributed as a QEMU image (ReactOS comes to mind).
    What's a "cdrom" ?
    I use USB flash drives like everyone...


  • Rexilion
    replied
    Originally posted by uid313 View Post
    How about they just make a no-frills, legacy-free, barebone virtual machine without all the crap?

    No floppy, CD-ROM, PS/2, COM/LPT (serial, parallel) ports, FireWire, or any of that.
    Just Ethernet, maybe VGA, and maybe at most USB, but that is pushing it.
    I would not be happy to install Windows on hardware just to use some piece of software to communicate with a device over 'COM/LPT (serial, parallel) ports, FireWire, or any of that'.

    Same goes for floppy (albeit not *that* necessary). And without a cdrom, how are you supposed to install an OS on an empty disk? I have seen very few systems distributed as a QEMU image (ReactOS comes to mind).


  • uid313
    replied
    How about they just make a no-frills, legacy-free, barebone virtual machine without all the crap?

    No floppy, CD-ROM, PS/2, COM/LPT (serial, parallel) ports, FireWire, or any of that.
    Just Ethernet, maybe VGA, and maybe at most USB, but that is pushing it.


  • QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive

    Phoronix: QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive

    Back in May was the big "VENOM" security vulnerability affecting QEMU whereby VM security could be escaped through QEMU's virtual floppy disk drive. In June was a PCNET controller buffer overflow allowing a guest to escape to have host access. Today there's a similar security vulnerability going public about its virtual CD-ROM drive...

    http://www.phoronix.com/scan.php?pag...EMU-CD-ROM-CVE