Bug 1791679

Summary: QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7]
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.8
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Prasad Pandit <ppandit>
Assignee: Marc-Andre Lureau <marcandre.lureau>
QA Contact: Quan Wenli <wquan>
CC: chayang, jinzhao, juzhang, mrezanin, mtessun, philmd, rbalakri, virt-bugs, virt-maint
Target Milestone: rc
Fixed In Version: qemu-kvm-1.5.3-174.el7
Clone Of: 1791677
Last Closed: 2020-09-29 19:50:48 UTC
Bug Depends On: 1791677
Bug Blocks: 1791680

Description Prasad Pandit 2020-01-16 11:13:07 UTC
+++ This bug was initially created as a clone of Bug #1791677 +++

Description of problem:

Upstream libslirp has disabled emulation of the tcp programs like ftp/IRC etc. in user-mode SLiRP networking since v4.1.0.

 ->  https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91

   emu: disable by default

tcp_emu() is known to have caused several CVEs, and not useful today in most cases.

https://nvd.nist.gov/vuln/detail/CVE-2019-6778
https://nvd.nist.gov/vuln/detail/CVE-2019-9824

The feature can be still enabled by setting SlirpConfig.enable_emu to
true.

* Please include this patch in the qemu-kvm package versions of RHEL too.

* It'll probably be better to disable user-mode SLiRP networking itself in qemu-kvm.

  i.e. compile qemu-kvm package with '--disable-slirp' configure option.

Comment 7 Quan Wenli 2020-03-23 05:20:46 UTC
Successfully reproduced it with qemu-kvm-1.5.3-173.el7 and verified it with the fixed version qemu-kvm-1.5.3-174.el7.

Steps:
1. boot up guest with "/usr/libexec/qemu-kvm -enable-kvm -nographic -m 2048 -net user,hostfwd=tcp::2222-:22 -net nic /root/rhel78-64-virtio.qcow2"
2. nc -l 127.0.0.1 113 on host
3. run on guest
nc -C 10.0.2.2 113 
1234    ,   4321 

Results:

With qemu-kvm-1.5.3-173.el7:

# nc -l 127.0.0.1 113
1234,4321

With qemu-kvm-1.5.3-174.el7:
# nc -l 127.0.0.1 113
1234    ,   4321

Based on the above, set it to VERIFIED. Thanks all.
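
Added example, not part of the original comment or of the QEMU/libslirp code: a small Python helper that turns the comparison in Comment 7 into a check, deciding from the bytes the guest sent and the bytes the host listener received whether the port-113 payload was rewritten in transit or passed through untouched. The function names, the result labels and the separator pattern are assumptions made for this illustration; the sample byte strings are constructed from the output shown in the comment.

```python
import re

# A query line of two port numbers separated by spaces and/or commas.
# Assumption: this separator class is chosen to cover the probe used in
# Comment 7; it is not taken from the slirp source.
_QUERY = re.compile(rb"^(\d{1,5})([ \t,]+)(\d{1,5})$")


def separator(line: bytes):
    """Return the separator between the two ports, or None if not a query."""
    m = _QUERY.match(line.strip())
    return m.group(2) if m else None


def classify(sent: bytes, received: bytes) -> str:
    """Compare the guest's probe with what the host-side listener received."""
    sent_sep = separator(sent)
    if sent_sep is None:
        return "invalid-probe"
    if sent_sep == b",":
        # A probe that is already "port,port" looks the same whether or not
        # it was rewritten, so it cannot distinguish the two builds.
        return "inconclusive"
    if received.strip() == sent.strip():
        return "pass-through"   # behaviour seen with qemu-kvm-1.5.3-174.el7
    if separator(received) == b",":
        # Only the separator change is checked; port values are not compared.
        return "rewritten"      # behaviour seen with qemu-kvm-1.5.3-173.el7
    return "unexpected"


# Constructed samples mirroring Comment 7 ("nc -C" ends lines with CRLF).
PROBE = b"1234    ,   4321 \r\n"
SEEN_173 = b"1234,4321\r\n"
SEEN_174 = b"1234    ,   4321\r\n"

if __name__ == "__main__":
    for build, seen in (("173", SEEN_173), ("174", SEEN_174)):
        print(build, classify(PROBE, seen))
```

The "inconclusive" case is why the probe in step 3 carries extra whitespace around the comma: without it, a fixed and an unfixed build produce the same bytes on the listener.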

Comment 9 errata-xmlrpc 2020-09-29 19:50:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: qemu-kvm security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3906