[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access
pkrempa at redhat.com
Mon Aug 28 07:24:00 UTC 2017
On Sat, Aug 26, 2017 at 01:05:46 +0000, Zhangbo (Oscar) wrote:
> >On Fri, Aug 25, 2017 at 08:52:16 +0000, Zhangbo (Oscar) wrote:
> >> >On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:
> >If you don't trust the host, don't use it. There's no protection from
> >reading the memory or disk images currently. See . Note that even
> >without the API, root can access all the stuff.
> Thank you very much for the detailed reply, any future plan to solve such problem(host
> has too high authority to access guests' memory things)? What will be the potential mitigation?
The best mitigation is to not allow unauthorized access to the host. In
other words: if you don't trust your cloud provider, host your stuff
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the libvir-list