On Mon, Jul 24, 2023 at 12:08:00PM -0400, Solomon Peachy wrote:
> On Mon, Jul 24, 2023 at 04:51:38PM +0100, Richard W.M. Jones wrote:
> > You don't actually need to do any of this if you're using libguestfs,
> > because the worst that can happen is the filesystem will pwn the
> > kernel inside the KVM appliance (which is just a userspace process, so
> > you can kill it).
>
> But if that kernel is pwn3d, won't that still allow arbitrary data to be
> passed out to the host?  (I confess to knowing very little about the
> guts of libguestfs)

If the malicious filesystem managed to execute code in the appliance, it
would be able to feed custom data back to the host when the host called
APIs like 'guestfs_read_file' to read a file, but that's just the same as
a regular filesystem having files with data in them.

There are probably more complex multi-step exploits possible, but it's
still vastly safer than having your host kernel rooted, which is instant
game over.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins https://gitlab.com/nbdkit/nbdkit
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
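The residual risk Rich describes (a pwned appliance can only answer API calls with attacker-chosen data) is exactly what the host-side code has to budget for. The following is an added example, not code from the thread, from libguestfs or from Red Hat: a small consumer that treats every name, size and byte returned through the libguestfs handle as untrusted before it touches the host filesystem. The names `validate_name`, `read_bounded`, `export_dir` and `open_image` are my own; `HostileAppliance` is a constructed stand-in for a compromised appliance so the validation can run offline. Only `open_image` uses the real Python bindings (`guestfs.GuestFS`, `add_drive_opts`, `set_network`, `launch`, `inspect_os`, `inspect_get_mountpoints`, `mount_ro`) and assumes `python3-libguestfs` is installed; the rest needs nothing beyond the standard library.

```python
# Added example (not libguestfs or Red Hat code): treat everything the KVM
# appliance hands back as attacker-controlled, per the thread above.
import os
import posixpath
import tempfile

MAX_FILE_BYTES = 1 << 20   # refuse oversized answers from a possibly-pwned appliance
MAX_NAME_LEN = 255


def validate_name(name):
    """Accept a single path component as returned by g.ls(); reject anything
    that could escape a host directory or confuse later tooling."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
        raise ValueError("bad name length")
    if name in (".", "..") or "/" in name or "\\" in name:
        raise ValueError("path component expected, got %r" % name)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("control character in name %r" % name)
    return name


def read_bounded(g, path, limit=MAX_FILE_BYTES):
    """Read one guest file through the appliance, capping the size and
    requiring the appliance's own answers (filesize vs. read_file) to agree."""
    size = g.filesize(path)
    if not 0 <= size <= limit:
        raise ValueError("refusing %s: reported size %d" % (path, size))
    data = g.read_file(path)
    if len(data) != size:
        raise ValueError("appliance lied about %s: %d != %d" % (path, len(data), size))
    return data


def export_dir(g, guest_dir, host_dir, limit=MAX_FILE_BYTES):
    """Copy the files listed in guest_dir into host_dir, skipping entries that
    fail validation. Returns (copied, skipped) lists of names."""
    host_root = os.path.realpath(host_dir)
    copied, skipped = [], []
    for name in g.ls(guest_dir):
        try:
            validate_name(name)
            data = read_bounded(g, posixpath.join(guest_dir, name), limit)
        except ValueError:
            skipped.append(name)
            continue
        dest = os.path.realpath(os.path.join(host_root, name))
        if os.path.dirname(dest) != host_root:   # belt and braces
            skipped.append(name)
            continue
        with open(dest, "wb") as fh:
            fh.write(data)
        copied.append(name)
    return copied, skipped


class HostileAppliance:
    """Constructed stand-in for a libguestfs handle whose appliance kernel is
    compromised: it returns traversal names, a NUL byte and a size lie."""
    FILES = {
        "/data/ok.txt": b"hello\n",
        "/data/../../etc/cron.d/evil": b"* * * * * root /tmp/x\n",
        "/data/nul\x00.txt": b"x",
        "/data/liar.bin": b"A" * 10,
        "/data/huge.bin": b"B" * 64,
    }

    def ls(self, directory):
        return ["ok.txt", "../../etc/cron.d/evil", "nul\x00.txt", "liar.bin", "huge.bin"]

    def filesize(self, path):
        if path == "/data/liar.bin":
            return 5                      # claims 5 bytes, then returns 10
        return len(self.FILES[path])

    def read_file(self, path):
        return self.FILES[path]


def open_image(path):
    """Real libguestfs setup (assumes python3-libguestfs): read-only drive,
    no appliance network, first inspected OS mounted read-only."""
    import guestfs
    g = guestfs.GuestFS(python_return_dict=True)
    g.add_drive_opts(path, readonly=True)
    g.set_network(False)
    g.launch()
    roots = g.inspect_os()
    if not roots:
        raise RuntimeError("no operating system found in %s" % path)
    for mountpoint, device in sorted(g.inspect_get_mountpoints(roots[0]).items()):
        g.mount_ro(device, mountpoint)
    return g


def demo(limit=32):
    """Run the hardened export against the constructed hostile appliance."""
    with tempfile.TemporaryDirectory() as host_dir:
        return export_dir(HostileAppliance(), "/data", host_dir, limit)


if __name__ == "__main__":
    print(demo())   # (['ok.txt'], [...four rejected entries...])
```

Against a real image the only change is `g = open_image("untrusted.img")` in place of `HostileAppliance()`; the checks are the same, because the handle is the boundary and nothing past it is trusted.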