* P J P (ppan...@redhat.com) wrote: > From: Prasad J Pandit <p...@fedoraproject.org> > > QEMU supports numerous virtualisation and emulation use cases. > It also offers many features to support guest's function(s). > > All of these use cases and features are not always security relevant. > Because some maybe used in trusted environments only. Some may still > be in experimental stage. While other could be very old and not > used or maintained actively. > > For security bug analysis we generally consider use cases wherein > QEMU is used in conjunction with the KVM hypervisor, which enables > guest to use hardware processor's virtualisation features. > > The CVE (or Security or Trust) Quotient field tries to capture this > sensitivity pertaining to a feature or section of the code. > > It indicates whether a potential issue should be treated as a security > one OR it could be fixed as a regular non-security bug. > > Suggested-by: Daniel P. Berrange <berra...@redhat.com> > Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> > --- > MAINTAINERS | 324 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 324 insertions(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index fe8139f367..badf1dab6e 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -33,6 +33,14 @@ Descriptions of section entries: > Obsolete: Old code. Something tagged obsolete generally means > it has been replaced by a better system and you > should be using that. > + C: CVE/Security/Trust Quotient > + H:High - Feature (or code) is meant to be safe and used by untrusted > + guests. So any potential security issue must be processed > with > + due care and be considered as a CVE issue. > + L:Low - Feature (or code) is not meant to be safe OR is experimental > + OR is used in trusted environments only OR is not well > + maintained. So any potential security issue can be processed > + and fixed as regular non-security bug. No need for a CVE.
That's a lot of OR's and it causes problems; .... > QMP > M: Markus Armbruster <arm...@redhat.com> > S: Supported > +C: Low > F: monitor/monitor-internal.h > F: monitor/qmp* > F: monitor/misc.c QMP is critical to many uses, so you wouldn't want to exclude it from a secure build; any security issue with it (e.g. misparsing an argument) would be very serious and would need to be looked at; but QMP is expected to be talking to another trusted endpoint. Dave -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
