Re: [Qemu-devel] [RFC] host and guest kernel trace merging

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/07/2016 08:49 AM, Steven Rostedt wrote:
> On Mon, 7 Mar 2016 15:17:05 +0000
> Stefan Hajnoczi <stefanha@xxxxxxxxxx> wrote:
> 
> 
>> qemu-guest-agent runs inside the guest and replies to RPC commands from
>> the host.  It is used for backups, shutdown, network configuration, etc.
>> From time to time people have wanted the ability to execute an arbitrary
>> command inside the guest and return the output.  This functionality has
>> never been merged, probably for the security reason.
> 
> How's the connection set up. That is, how does it know the commands are
> coming from the host? And how does it know that the commands from the
> host is from a trusted source? If the host is compromised, is there
> anything keeping an intruder from controlling the guest?

qemu-guest-agent uses a virtio channel, so only the host can be driving
that channel.  But how can a guest know that it trusts the host? It
can't.  A compromised host implicitly compromises all guests, and that's
always been the case.  At least qemu-guest-agent doesn't make the window
any larger.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux