[libvirt] Looking for Hypervisor Vulnerability Example

Daniel P. Berrange berrange at redhat.com
Mon Dec 6 10:29:56 UTC 2010


On Thu, Dec 02, 2010 at 03:04:35PM -0800, Shi Jin wrote:
> > James Morris' presentation is referring to this published demonstration
> > of exploiting Xen a few years ago
> > 
> >   http://www.securityfocus.com/archive/1/497376
> >   http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
> > 
> > The key difference sVirt makes is at chapter 3.4 in the paper.
> > 
> > In the Xen world, there was a single SELinux domain (xend_t) that covered
> > XenD and all the QEMU processes. Since all VMs & XenD ran as the same
> > context, any exploited QEMU process in Xen could access any other
> > guest's disks, as well as any host disks.
> > 
> > In the KVM + sVirt world, every QEMU process is separated by a dedicated
> > MCS category on its SELinux context. The disks assigned to a guest are
> > labelled with the same MCS category. This means that an exploited QEMU
> > can only access disks which were explicitly assigned to it, and cannot
> > access the host disk devices. This prevents the step in that paper
> > where they overwrite various key files in the host OS root filesystem.
>
> Is there any well documented KVM exploit that can be reproduced
> without too much trouble, assuming SELinux (sVirt) is turned
> off? Then I can demonstrate the effect of sVirt by turning it on.

I'm not aware of any documented KVM exploit.

Regards,
Daniel
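As an added illustration of the MCS separation described in the quoted reply (this is not code from the thread or from libvirt), the following script checks what an administrator would verify on a sVirt host: that no two running QEMU processes share a category set, and which disk images each guest can reach under MCS. The `ps -eZ` and `ls -Z` style lines are constructed sample data; the `svirt_t`, `svirt_image_t` and `virt_image_t` type names are the ones sVirt uses, the pids, categories and paths are made up.

```python
import re

# Constructed sample lines in the shape of `ps -eZ` and `ls -Z` output; they are
# not captured from a real host. The third QEMU deliberately reuses the
# categories of the second, the misconfiguration the check should flag.
PS_LINES = [
    "LABEL                                     PID TTY      TIME CMD",
    "system_u:system_r:svirt_t:s0:c12,c345    2231 ?    00:00:07 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c88,c901    2410 ?    00:00:03 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c88,c901    2598 ?    00:00:01 qemu-kvm",
]
LS_LINES = [
    "system_u:object_r:svirt_image_t:s0:c12,c345 /var/lib/libvirt/images/vm1.img",
    "system_u:object_r:svirt_image_t:s0:c88,c901 /var/lib/libvirt/images/vm2.img",
    "system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images/template.img",
]

# user:role:type:level[:categories] followed by whatever the tool prints next.
# Category ranges written with '.' (e.g. c0.c1023) are not handled here.
CTX_RE = re.compile(r"^([^:\s]+):([^:\s]+):([^:\s]+):(s\d+)(?::(c\d+(?:,c\d+)*))?\s+(.*)$")

def parse_line(line):
    """Return (type, frozenset of MCS categories, rest) or None for unlabelled lines."""
    m = CTX_RE.match(line.strip())
    if not m:
        return None
    cats = frozenset(m.group(5).split(",")) if m.group(5) else frozenset()
    return m.group(3), cats, m.group(6)

def qemu_processes(ps_lines):
    """Map pid -> MCS category set for every process confined as svirt_t."""
    procs = {}
    for line in ps_lines:
        parsed = parse_line(line)
        if parsed and parsed[0] == "svirt_t":
            procs[int(parsed[2].split()[0])] = parsed[1]
    return procs

def shared_categories(ps_lines):
    """Category sets used by more than one guest; sVirt intends this to be empty."""
    by_cats = {}
    for pid, cats in qemu_processes(ps_lines).items():
        by_cats.setdefault(cats, []).append(pid)
    return {cats: pids for cats, pids in by_cats.items() if len(pids) > 1}

def reachable_images(ps_lines, ls_lines):
    """Images each guest can reach under MCS alone: the object's categories must be
    a subset of the subject's. An image with no categories (the template above) is
    not separated by MCS at all; type enforcement, not modelled here, decides."""
    images = [p for p in map(parse_line, ls_lines) if p]
    return {pid: sorted(path for _, icats, path in images if icats <= cats)
            for pid, cats in qemu_processes(ps_lines).items()}
```

On a real host, feed the functions the output of `ps -eZ` and `ls -Z /var/lib/libvirt/images` instead of the sample lists.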