[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Martin Kletzander mkletzan at redhat.com
Fri Aug 25 09:54:35 UTC 2017

On Fri, Aug 25, 2017 at 08:59:54AM +0000, Zhangbo (Oscar) wrote:
>>On Fri, Aug 25, 2017 at 06:45:18AM +0000, Zhangbo (Oscar) wrote:
>>>Hi all:
>>>     The Host Administrator is capable of running any exec in guests via the
>>>qemu-ga command "guest-exec", eg:
>>>        virsh qemu-agent-command test_guest '{"execute": "guest-exec",
>>>"arguments": {"path": "ifconfig", "arg": [ "eth1", "" ],"capture-output":
>>>true } }'
>>>       virsh qemu-agent-command test_guest '{"execute": "guest-exec-status",
>>>"arguments": { "pid": 12425 } }'
>>>      The example above just changes the guest's IP address; the Administrator
>>>may also change guests' user passwords, get sensitive information, etc., which
>>>causes Insider Access.
>>>      The Administrator can also use other commands such as
>>>"guest-file-open" that also cause Insider Access.
>>>      So, how to avoid this security problem, what's your suggestion?
>>>      Thanks!
>>What's your setup that this, in particular, is your concern?  Do you
>>have everything encrypted by keys that are not reachable for the host
>>administrator?  How are those saved?  For example, how do you guard
>>against the host administrator killing the domain?  Or mounting the disk
>Killing the domain is acceptable to some degree, but leaking sensitive
>information, for example a trade secret, is horrible. Our main concern is to protect
>that information by (maybe) disabling the "guest-exec" guest command, etc.

Host can read all of the guest's memory or mount the image and modify
the guest agent.  Or even add their own communication program that can
do anything.

>Another concern, as mentioned in another mail, is that if the cloud tenant himself
>installed the guest agent and doesn't know about the "adding --blacklist" issue, that guest is in danger.
>>of the domain, doing whatever they want to with it and starting it back?
>>Or million other things that come to mind.  Not trusting the host
>>administrator is kinda (well, precisely) like not trusting root on *NIX
>>P.S.: Maybe more aluminium could help, but I haven't tried yet.
>>>Best Regards
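The thread's only in-guest mitigation is the qemu-ga `--blacklist` option that Oscar mentions. The following is an added example, not code from libvirt, QEMU or either poster: a small POSIX shell audit that reads a qemu-ga configuration and reports which of the commands named in the thread (guest-exec, guest-exec-status, guest-file-open) would still be callable from the host. It assumes the qemu-ga.conf layout of a `[general]` section with a comma-separated `blacklist=` key, which is the config-file form of the same `-b`/`--blacklist` flag; the two sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example (not qemu-ga or libvirt code): audit a qemu-ga.conf for the
# agent commands the thread says give the host admin code and file access
# inside the guest. Assumes the "[general]" / "blacklist=" config format.

# Constructed sample configs (not from the mailing-list post).
WEAK_CONF="[general]
daemon=true
method=virtio-serial
"
HARDENED_CONF="[general]
daemon=true
method=virtio-serial
blacklist=guest-exec,guest-exec-status,guest-file-open,guest-file-read,guest-file-write
"

# Commands called out in the thread as causing "Insider Access".
RISKY_CMDS="guest-exec guest-exec-status guest-file-open"

# blacklisted_cmds CONF_TEXT -> prints the blacklist entries space-separated
# (empty when the config has no blacklist= line, i.e. every command is enabled).
blacklisted_cmds() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*blacklist[[:space:]]*=[[:space:]]*//p' \
        | tr ',' ' '
}

# unblocked_risky CONF_TEXT -> prints the risky commands NOT in the blacklist.
unblocked_risky() {
    bl=$(blacklisted_cmds "$1")
    out=""
    for c in $RISKY_CMDS; do
        found=0
        for b in $bl; do
            [ "$b" = "$c" ] && found=1
        done
        [ "$found" -eq 0 ] && out="$out $c"
    done
    printf '%s' "${out# }"
}

# risky_exposed CONF_TEXT -> exit status 0 if any risky command is still callable.
risky_exposed() {
    [ -n "$(unblocked_risky "$1")" ]
}

# Stand-alone run: show what each sample config leaves callable from the host.
printf 'weak config leaves callable: [%s]\n' "$(unblocked_risky "$WEAK_CONF")"
printf 'hardened config leaves callable: [%s]\n' "$(unblocked_risky "$HARDENED_CONF")"
```

To run it against a real guest, replace the constructed strings with `cat /etc/qemu/qemu-ga.conf` output inside the guest; an empty result from `unblocked_risky` means the three commands are blocked. As Martin's reply makes clear, this only narrows what the agent will do on request; it does not stop a host administrator who can read guest memory or modify the disk image, so it is a hygiene check, not a boundary.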