On Fri, Aug 26, 2011 at 09:22:45AM +0300, Sasha Levin wrote:
> On Thu, 2011-08-25 at 16:25 +0000, Decker, Schorschi wrote:
> > 2) implement the feature as an agent in the guest OS where the
> > hypervisor can only query the guest OS agent, using a standard TCP/IP
> > methodology.
>
> I was planning to implement it by probing the image before
> actually booting it. This process is completely offline and doesn't
> require interaction with the guest. The guest isn't even running at
> that point.

There are still plenty of security issues to be concerned about with
handling an offline guest. It is quite possible for such a guest to
be booby-trapped in a way that allows an exploit.

I summarised some of the issues I thought about here, but there are
likely to be others:

http://libguestfs.org/guestfs.3.html#security

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw