[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Michal Privoznik mprivozn at redhat.com
Mon Aug 28 06:04:56 UTC 2017


On 08/25/2017 12:41 PM, Martin Kletzander wrote:
> On Fri, Aug 25, 2017 at 10:29:03AM +0000, Zhangbo (Oscar) wrote:
>>>
>>> Host can read all of the guest's memory or mount the image and modify
>>> the guest agent.  Or even add their own communication program that can
>>> do anything.
>>>
>>
>> I get your point now! :)  Thanks a lot!!
>>
>> Furthermore, kvm seems not as secure as xen, because xen isolates
>> dom0 and domU well.
>> The administrator on dom0 couldn't access many things belonging to domUs.
>> How to solve such a problem in kvm? Any scheme?
> 
> I don't know xen much, but maybe AMD SEV or everything-signed-by TPM
> would help...

I'm no HW guy, but SEV looks like protection against physical attacks,
i.e. a guy working for some government agency walking around your server
room with a load of liquid gas. At first Intel's SGX [1] looked
promising, but apparently it's flawed. So currently I don't think
there's anything we can do. Except not give out root access to everyone.

Michal

1: https://en.wikipedia.org/wiki/Software_Guard_Extensions



