[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access
Zhangbo (Oscar)
oscar.zhangbo at huawei.com
Sat Aug 26 01:12:32 UTC 2017
>>>Host can read all of the guest's memory or mount the image and modify
>>>the guest agent. Or even add their own communication program that can
>>>do anything.
>>>
>>
>>I get your point now! :) Thanks a lot!!
>>
>>Further more, kvm seems not as secure as xen, because xen isolates dom0 and
>domU well,
>>The administrator on dom0 couldn't access many things belonged to domUs.
>>How to solve such problem in kvm? Any scheme?
>
>I don't know xen much, but maybe AMD SEV or everything-signed-by TPM
>would help...
Thank you , I'll look further into them.
More information about the libvir-list
mailing list