mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e246bf3ddc
qemu/docs
History
Stefan Hajnoczi e246bf3ddc docs: replace insecure /tmp examples in qsd docs 
World-writeable directories have security issues. Avoid showing them in
the documentation since someone might accidentally use them in
situations where they are insecure.

There tend to be 3 security problems:
1. Denial of service. An adversary may be able to create the file
   beforehand, consume all space/inodes, etc to sabotage us.
2. Impersonation. An adversary may be able to create a listen socket and
   accept incoming connections that were meant for us.
3. Unauthenticated client access. An adversary may be able to connect to
   us if we did not set the uid/gid and permissions correctly.

These can be prevented or mitigated with private /tmp, carefully setting
the umask, etc but that requires special action and does not apply to
all situations. Just avoid using /tmp in examples.

Reported-by: Richard W.M. Jones <rjones@redhat.com>
Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210301172728.135331-3-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08 14:55:19 +01:00
..
_templates docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
config docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
devel * fix --enable-fuzzing linker failures (Alexander) 2021-03-02 15:17:45 +00:00
interop ui/console: message surface tweaks. 2021-03-04 12:58:50 +00:00
specs pvpanic : update pvpanic spec document 2021-01-29 10:47:28 +00:00
sphinx docs/sphinx/qapidoc.py: Handle change of QAPI's builtin module name 2021-02-15 14:59:11 +00:00
spin docs: create config/, devel/ and spin/ subdirectories 2017-06-07 18:22:03 +02:00
system docs/system/arm/mps2.rst: Document the new mps3-an524 board 2021-03-08 11:54:16 +00:00
tools docs: replace insecure /tmp examples in qsd docs 2021-03-08 14:55:19 +01:00
user docs/user: Remove outdated 'Quick Start' section 2021-02-15 12:09:20 +01:00
amd-memory-encryption.txt confidential guest support: Update documentation 2021-02-08 16:57:38 +11:00
barrier.txt ui: add an embedded Barrier client 2019-09-17 13:43:22 +02:00
block-replication.txt colo: Update Documentation for continuous replication 2020-03-03 18:04:47 +08:00
bootindex.txt docs qemu-doc: Avoid ide-drive, it's deprecated 2017-06-04 18:42:55 +03:00
can.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
ccid.txt docs: update to show preferred boolean syntax for -chardev 2021-02-25 14:14:33 +01:00
COLO-FT.txt docs: update to show preferred boolean syntax for -cpu 2021-02-25 14:14:33 +01:00
colo-proxy.txt docs: update to show preferred boolean syntax for -chardev 2021-02-25 14:14:33 +01:00
conf.py docs: Build and install all the docs in a single manual 2021-01-19 15:45:14 +00:00
confidential-guest-support.txt s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
defs.rst.inc docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
generic-loader.txt docs/generic-loader: mention U-Boot and Intel HEX executable formats 2018-08-20 11:24:31 +01:00
hyperv.txt i386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks 2020-09-18 13:49:54 -04:00
igd-assign.txt vfio/pci: Add IGD documentation 2016-05-26 11:12:05 -06:00
image-fuzzer.txt docs: List all image elements currently supported by the fuzzer 2014-09-22 11:39:35 +01:00
index.rst docs/index.rst, docs/index.html.in: Reorder manuals 2020-03-12 11:14:06 +00:00
memory-hotplug.txt docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
meson.build docs: don't install corresponding man page if guest agent is disabled 2021-02-08 14:43:55 +01:00
multi-thread-compression.txt Replace '-enable-kvm' with '-accel kvm' in docs and help texts 2018-06-28 19:05:32 +02:00
multiseat.txt tests/docker/test-mingw and docs: Remove --with-sdlabi=2.0 2019-02-04 15:25:21 +00:00
nvdimm.txt nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
papr-pef.txt spapr: Add PEF based confidential guest support 2021-02-08 16:57:38 +11:00
pci_expander_bridge.txt pxb: cleanup 2016-03-11 16:59:12 +02:00
pcie_pci_bridge.txt pci: removed the is_express field since a uniform interface was inserted 2018-02-08 21:06:41 +02:00
pcie.txt docs: pcie: Spell out machine type needs for PCIe features 2018-03-01 16:25:37 +02:00
pvrdma.txt docs: Fix broken links 2020-09-01 09:31:33 +02:00
qcow2-cache.txt qcow2: Document the Extended L2 Entries feature 2020-08-25 08:33:20 +02:00
qdev-device-use.txt docs/qdev-device-use: Don't suggest -drive and -net can do USB 2020-09-03 09:58:39 +02:00
qemu_logo.pdf docs: add qemu logo to pdf 2017-01-16 10:11:43 +01:00
qemu-option-trace.rst.inc qemu-option-trace.rst.inc: Don't use option:: markup 2020-11-02 16:52:18 +00:00
qemupciserial.inf docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
rdma.txt docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
replay.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
spice-port-fqdn.txt docs: add spice-port-fqdn.txt 2012-12-17 14:01:41 +01:00
throttle.txt docs: Document the throttle block filter 2020-10-02 15:46:40 +02:00
u2f.txt hw/usb: Add U2F device autoscan to passthru mode 2020-08-31 08:23:39 +02:00
usb2.txt docs/usb2.txt: ehci has six ports 2018-08-21 10:22:03 +02:00
usb-storage.txt usb: Fix typo in documentation 2017-01-24 23:26:52 +03:00
virtio-balloon-stats.txt Remove the deprecated -balloon option 2018-08-31 09:52:13 +02:00
xbzrle.txt docs/xbzrle: update 'cache miss rate' and 'encoding rate' to docs 2020-06-17 17:48:39 +01:00
xen-save-devices-state.txt Fix up dangling references to qmp-commands.* in comment and doc 2018-03-02 13:48:26 -06:00