Control: severity -1 wishlist
Control: tag -1 confirmed

On Thu, 11 Jul 2024 12:31:51 +0200 Laurent Bigonville <[email protected]> wrote:
> Package: qemu-guest-agent
> Version: 1:7.2+dfsg-7+deb12u6
> Severity: normal
>
> Hello,
>
> The service file qemu-guest-agent does not allow customizing the
> options.
>
> Worse, it seems that it's not blacklisting some of the RPC calls by
> default.
>
> If I look at what Fedora is doing, it allows that and even does it by
> default:
>
> https://src.fedoraproject.org/rpms/qemu/blob/rawhide/f/qemu-guest-agent.service
> https://src.fedoraproject.org/rpms/qemu/blob/rawhide/f/qemu-ga.sysconfig
>
> That should be added.
>
> I'm also wondering whether this is not a security issue too.

I take the .service file from the upstream qemu.  I don't see this as a
security issue, since the host can control all aspects of all the guests
anyway, as it can access whole guest memory and everything else --
trying to protect a guest from access from the host is futile.

Thanks,

/mjt
