Originally posted by Delgarde
View Post
Announcement
Collapse
No announcement yet.
QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive
Collapse
X
-
Originally posted by wagaf View PostI also guess that USB VM drivers are even more bug-prone.
Leave a comment:
-
Originally posted by Delgarde View Post
I think you're overlooking the fact that we're talking about VMs here, not physical machines. Nobody is talking about using real CDs here, but mounting an ISO image as a virtual CD drive remains the standard way of installing an OS on a VM.
I also guess that USB VM drivers are even more bug-prone.
Leave a comment:
-
Originally posted by wagaf View PostWhat's a "cdrom" ?
I use USB flash drives like everyone...
Leave a comment:
-
Originally posted by nanonyme View PostYou're in minority then. CD images are *the* way to install stuff on virtual machines still
I usually bootstrap the system directly or just do a PXE boot. But there is no real harm in including this capability, still a QEMU machine type without legacy cruft would be appreciated.
And most VMs are likely installed from images (consider how many are run by the largest "cloud" providers alone)Last edited by nils_; 27 July 2015, 04:11 PM.
Leave a comment:
-
Originally posted by Rexilion View Post
I would not be happy to install Windows on hardware just to use some piece of software to communicate with a device over 'COM/LPT (serial, paralell) ports, FireWire, or any of that'.
Same goes for floppy (albeit not *that* necessary). And without a cdrom, how are you supposed to install an os on an empty disk? I have seen very few systems distributed as qemu image (ReactOS comes to mind).
I use USB flash drives like everyone...
Leave a comment:
-
Originally posted by uid313 View PostHow about they just make a no-frills, legacy-free, barebone virtual machine without all the crap?
No floppy, CD-ROM, PS/2, COM/LPT (serial, paralell) ports, FireWire, or any of that.
Just Ethernet, maybe VGA, and maybe at most USB, but that is pushing it.
Same goes for floppy (albeit not *that* necessary). And without a cdrom, how are you supposed to install an os on an empty disk? I have seen very few systems distributed as qemu image (ReactOS comes to mind).
Leave a comment:
-
How about they just make a no-frills, legacy-free, barebone virtual machine without all the crap?
No floppy, CD-ROM, PS/2, COM/LPT (serial, paralell) ports, FireWire, or any of that.
Just Ethernet, maybe VGA, and maybe at most USB, but that is pushing it.
Leave a comment:
-
QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive
Phoronix: QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive
Back in May was the big "VENOM" security vulnerability affect QEMU whereby VM security could be escaped through QEMU's virtual floppy disk drive. In June was a PCNET controller buffer overflow allowing a guest to escape to have host access. Today there's a similar security vulnerability going public about its virtual CD-ROM drive...
Tags: None
Leave a comment: