[libvirt] [PATCH 0/5] add usb redirection filter support
Hans de Goede
hdegoede at redhat.com
Tue Aug 21 10:46:41 UTC 2012
Hi,
On 08/21/2012 11:23 AM, Daniel P. Berrange wrote:
<Snip>
>> We want the admin of the vm to be able to set policy as to which devices
>> can be redirected to the vm, for example for security reasons. Clearly the
>> right place to enforce such a policy is the host and not the client, esp.
>> since the client may be outside of the control of the vm admin.
>
> What kind of threat are you expecting this to protect against ? I don't
> really see that black/white-listing on vendor/product ID is going to
> provide a very credible level of security protection. Chances are that
> if there is a flaw in the guest OS or QEMU, the attacker could simply
> spoof the required product/vendor ID and then send specially crafted
> USB packets to exploit the flaw anyway.
One example would be the vm to contain sensitive information and the admin
not wanting users to be able to redirect USB-mass-storage devices to it,
while still allowing the use of other USB peripherals. Note that the filtering
is not just by ID, it also is by class.
TBH I'm amazed we are having this discussion, everyone I've talked to before
agrees that allowing a vm admin to limit which kind of USB devices can be
redirected is a reasonable, desirable even thing to have, and agrees the
proper place for this, as a per vm setting, is on the host.
Also note that the proprietary Spice usb-redir solution which the new FOSS
usb-redir code is replacing has this ability too, and currently you can
configure a filter from RHEV-M, so from the host / vm management software.
Regards,
Hans
More information about the libvir-list
mailing list