Re: QEMU guest-agent safety in hostile VM?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 28, 2018 at 06:11:52PM +0000, procmem wrote:
> Hi. Is it still considered risky to use the QEMU guest agent in an
> untrusted guest? A warning on these lines was written in the manual a
> few years back when the feature made its debut. I wanted to know if it
> was hardened since.

Anything running on the host that relies on the guest agent needs to be
written to expect a hostile agent. The agent may simply never respond
to commands, or may return you completely garbage data. There's nothing
we can do to prevent this, since the guest agent is under the guest OS
admin's control. So host apps/admins need to be super-paranoid when
dealing with / interpreting any response.

Libvirt should at least take care of parsing the response and timing
out if it doesn't reply in time. We can't guarantee the info libvirt
gets back is sane though.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users



[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux