Re: Looking for Hypervisor Vulnerability Example

On Thu, Dec 02, 2010 at 03:04:35PM -0800, Shi Jin wrote:
> > James Morris' presentation is referring to this published demonstration
> > of exploiting Xen a few years ago
> >
> >   http://www.securityfocus.com/archive/1/497376
> >   http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
> >
> > The key difference sVirt makes is at chapter 3.4 in the paper.
> >
> > In Xen world, there was a single SELinux domain (xend_t) that covered
> > XenD and all the QEMU processes. Since all VMs & XenD ran as the same
> > context, any exploited QEMU process in Xen, could access any other
> > guest disks, as well as any host disks.
> >
> > In the KVM + sVirt world, every QEMU process is separated by a dedicated
> > MCS category on its SELinux context. The disks assigned to a guest are
> > labelled with the same MCS category. This means that an exploited QEMU
> > can only access disks which were explicitly assigned to it, and cannot
> > access the host disk devices. This prevents the step in that paper
> > where they overwrite various key files in the host OS root filesystem
>
> Is there any well documented KVM exploit that can be reproduced
> without too much trouble, assuming SELinux (sVirt) is turned
> off? Then I can demonstrate the effect of sVirt by turning it on.

I'm not aware of any documented KVM exploit.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
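
Added example, not part of the original thread or of libvirt's code: a simplified Python model of the labelling difference described in the quoted text, a single shared `xend_t` domain versus a per-guest MCS category pair. The type names other than `xend_t`, the category numbers and the allow table are assumptions; real decisions are made by the kernel from the loaded SELinux policy.

```python
# Constructed sample labels (not taken from the thread). svirt_t/svirt_image_t,
# xen_image_t, fixed_disk_device_t and the category numbers are assumptions.
GUEST_A   = "system_u:system_r:svirt_t:s0:c111,c222"
DISK_A    = "system_u:object_r:svirt_image_t:s0:c111,c222"
DISK_B    = "system_u:object_r:svirt_image_t:s0:c333,c444"
HOST_DISK = "system_u:object_r:fixed_disk_device_t:s0"
XEN_QEMU  = "system_u:system_r:xend_t:s0"
XEN_DISK  = "system_u:object_r:xen_image_t:s0"

# Assumption: type enforcement reduced to a tiny allow table for this model.
TE_ALLOW = {
    ("svirt_t", "svirt_image_t"),
    ("xend_t", "xen_image_t"),
    ("xend_t", "fixed_disk_device_t"),
}

def parse_context(ctx):
    """Return (type, category set) from 'user:role:type:level[-level]'."""
    _user, _role, setype, level = ctx.split(":", 3)
    high = level.split("-")[-1]            # high level of a range, if present
    _sens, _, catlist = high.partition(":")
    cats = set()
    for item in filter(None, catlist.split(",")):
        lo, _, hi = item.partition(".")    # "c0.c3" is the range c0..c3
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        cats.update(range(first, last + 1))
    return setype, cats

def may_access(proc_ctx, file_ctx):
    """Model the decision: TE rule first, then MCS dominance."""
    ptype, pcats = parse_context(proc_ctx)
    ftype, fcats = parse_context(file_ctx)
    if (ptype, ftype) not in TE_ALLOW:
        return False, "type enforcement"
    if not pcats >= fcats:                 # process must hold every file category
        return False, "MCS category mismatch"
    return True, "allowed"

if __name__ == "__main__":
    for name, proc, obj in [
        ("guest A -> own disk", GUEST_A, DISK_A),
        ("guest A -> guest B disk", GUEST_A, DISK_B),
        ("guest A -> host disk", GUEST_A, HOST_DISK),
        ("Xen QEMU -> any guest disk", XEN_QEMU, XEN_DISK),
        ("Xen QEMU -> host disk", XEN_QEMU, HOST_DISK),
    ]:
        print(f"{name:28} {may_access(proc, obj)}")
```

In this model the host disk is refused by the type rule rather than by MCS, since an uncategorised `s0` object is dominated by any category set.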


