[libvirt] Malicious guests and entropy pool access risks
Michal Privoznik
mprivozn at redhat.com
Fri Sep 30 15:04:34 UTC 2016
On 29.09.2016 22:43, bancfc at openmailbox.org wrote:
> Hello. While I've been enabling virtio-rng since it became available I
> recently understood that without restrictions a malicious guest can
> potentially starve other VMs' entropy by overusing /dev/random so I set
> the rate limit.
>
> Another question comes to mind. Does the way virtio-rng works pose a
> security risk? - does it allow the guest to spy on the host's entropy
> pool? (If so I'll have to disable it for untrusted VMs immediately)
>
Well, is it possible from say X bytes of /dev/random predict X+1 byte?
If yes, then this is a security risk. If no, then you should be safe.
But I'm no security expert.
Michal
More information about the libvir-list
mailing list