[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access
Peter Krempa
pkrempa at redhat.com
Mon Aug 28 07:24:00 UTC 2017
On Sat, Aug 26, 2017 at 01:05:46 +0000, Zhangbo (Oscar) wrote:
> >On Fri, Aug 25, 2017 at 08:52:16 +0000, Zhangbo (Oscar) wrote:
> >> >On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:
[...]
> >If you don't trust the host, don't use it. There's no protection from
> >reading the memory or disk images currently. See [1]. Note that even
> >without the API, root can access all the stuff.
>
> Thank you very much for the detailed reply, any future plan to solve such problem(host
> has too high authority to access guests' memory things)? What will be the potential mitigation?
The best mitigation is to not allow unauthorized access to the host. In
other words: if you don't trust your cloud provider, host your stuff
yourself.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170828/904f5ba6/attachment-0001.sig>
More information about the libvir-list
mailing list