[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Martin Kletzander mkletzan at redhat.com
Fri Aug 25 10:41:53 UTC 2017


On Fri, Aug 25, 2017 at 10:29:03AM +0000, Zhangbo (Oscar) wrote:
>>
>>Host can read all of the guest's memory or mount the image and modify
>>the guest agent.  Or even add their own communication program that can
>>do anything.
>>
>
>I get your point now! :)  Thanks a lot!!
>
>Furthermore, KVM seems not as secure as Xen, because Xen isolates dom0 and domU well.
>The administrator on dom0 couldn't access many things belonging to domUs.
>How to solve such a problem in KVM? Any scheme?

I don't know Xen much, but maybe AMD SEV or everything-signed-by TPM
would help...