[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access



On Sat, Aug 26, 2017 at 01:05:46 +0000, Zhangbo (Oscar) wrote:
> >On Fri, Aug 25, 2017 at 08:52:16 +0000, Zhangbo (Oscar) wrote:
> >> >On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:

[...]

> >If you don't trust the host, don't use it. There's no protection from
> >reading the memory or disk images currently. See [1]. Note that even
> >without the API, root can access all the stuff.
> 
> Thank you very much for the detailed reply, any future plan to solve such problem(host 
> has too high authority to access guests' memory things)? What will be the potential mitigation?

The best mitigation is to not allow unauthorized access to the host. In
other words: if you don't trust your cloud provider, host your stuff
yourself.

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]