Red Hat Bugzilla – Bug 599475
Potential security problem over migration port
Last modified: 2013-01-09 17:40:24 EST
Description of problem:
Migration through tcp connection requires an incoming tcp port for the dest host. If a malicious connection (e.g. a telnet probe) just happens before the migration instruction being entered. Migration will fail/hang.
Version-Release number of selected component (if applicable):
CLI on dest:
/usr/libexec/qemu-kvm -m 2G -smp 2 -drive file=win2008r2-64.qcow2,if=none,id=drive-virtio0,boot=on -device ide-drive,drive=drive-virtio0 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,mac=76:00:40:3F:20:20,bus=pci.0,addr=0x4 -boot order=dc,menu=on -uuid 17644ecc-d3a1-4d3c-a386-12daf50015f2 -rtc base=utc -no-hpet -rtc-td-hack -no-kvm-pit-reinjection -monitor stdio -cpu qemu64,+sse2 -balloon none -vnc :1 -incoming tcp:0:5800
Steps to Reproduce:
1. Start VM on host machine (either with vnc or spice)
2. Start VM on dest machine with "-incoming tcp:0:5800"
3. telnet $dest 5800
4. from host machine, start migration
# migrate -d tcp:$dest:5800
# info migrate
Migration will never succeed.
Even if you stop the telnet process, and start VM listening on dest machine again, migration can no longer proceed unless migrate_cancel being instructed first.
Illegal port probe over migration port should be prohibited.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
Why is that a bug? Mgmt will re-issue the migration.
Anyway it seems like low priority. The host environment is presumed safe.