On Fri, 2011-08-26 at 09:04 +0100, Richard W.M. Jones wrote:
> On Fri, Aug 26, 2011 at 09:22:45AM +0300, Sasha Levin wrote:
> > On Thu, 2011-08-25 at 16:25 +0000, Decker, Schorschi wrote:
> > > 2) implement the feature as an agent in the guest OS where the
> > > hypervisor can only query the guest OS agent, using a standard TCP/IP
> > > methodology.
> >
> > I was planning to implement it by probing the image before
> > actually booting it. This process is completely offline and doesn't
> > require interaction with the guest. The guest isn't even running at
> > that point.
>
> There are still plenty of security issues to be concerned about with
> handling an offline guest. It is quite possible for such a guest to
> be booby-trapped in a way that allows an exploit. I summarised some
> of the issues I thought about here, but there are likely to be others:
>
> http://libguestfs.org/guestfs.3.html#security

That was an interesting read.

Are the concerns still valid if we were going to boot the image anyway later on? I'm assuming that probing would happen only before we're trying to boot a guest, and not just probe any image file we find.

-- 
Sasha.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
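The point Richard raises is that an offline disk image is untrusted input: whatever reads it (partition tables, filesystems, boot configuration) must treat every length and offset in it as attacker-controlled. The following is an added illustration, not code from this thread, libguestfs or KVM, of the minimal kind of probe the thread discusses done with explicit bounds checks: it reads only the first sector of a raw image, validates the MBR signature, and rejects any partition entry that does not fit inside the image instead of trusting the stated geometry. The sample image and the function names (`make_test_image`, `parse_mbr_partitions`, `safe_probe`) are constructed for this example.

```python
"""Bounded MBR partition-table probe of an untrusted raw disk image.

Added example for the discussion above; not from the original thread,
libguestfs or KVM. Every value read from the image is range-checked
before use, which is the property an offline probe needs when the
image may have been crafted by a hostile guest owner.
"""
import struct

SECTOR = 512                 # sector size assumed for a raw image
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR
MAX_PARTITIONS = 4           # primary entries in a classic MBR
ENTRY_OFFSET = 446           # first partition entry in sector 0
ENTRY_SIZE = 16


def make_test_image(sectors, entries):
    """Build a constructed sample image: zero-filled sectors plus an MBR.

    entries: list of (type_byte, start_lba, sector_count). CHS fields are
    left zero because the parser deliberately ignores them.
    """
    img = bytearray(sectors * SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        off = ENTRY_OFFSET + ENTRY_SIZE * i
        img[off:off + ENTRY_SIZE] = struct.pack(
            "<BBBBBBBBII", 0x00, 0, 0, 0, ptype, 0, 0, 0, start, count)
    img[510:512] = MBR_SIGNATURE
    return bytes(img)


def parse_mbr_partitions(image):
    """Return [(index, type, start_lba, sector_count)] for used entries.

    Only sector 0 is ever read. Any entry whose extent lies outside the
    image raises ValueError rather than being passed on to a filesystem
    reader that might seek or allocate based on the bogus numbers.
    """
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    mbr = image[:SECTOR]
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing MBR signature")
    total_sectors = len(image) // SECTOR

    parts = []
    for i in range(MAX_PARTITIONS):
        off = ENTRY_OFFSET + ENTRY_SIZE * i
        # status(1) pad(3) type(1) pad(3) start_lba(4) count(4), little-endian
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot, nothing to check
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte {status:#x}")
        if start == 0 or count == 0:
            raise ValueError(f"partition {i}: zero start or length")
        # Python ints do not wrap, so this check is exact; in C the same
        # test must guard against start + count overflowing a 32-bit value.
        if start + count > total_sectors:
            raise ValueError(f"partition {i}: extends past end of image "
                             f"({start}+{count} > {total_sectors} sectors)")
        parts.append((i, ptype, start, count))
    return parts


def safe_probe(image):
    """Wrap the parser so a caller gets (ok, partitions_or_reason)."""
    try:
        return True, parse_mbr_partitions(image)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    good = make_test_image(2048, [(0x83, 63, 1000)])
    print(safe_probe(good))
    # Constructed hostile entry: claims 4 billion sectors on a 1 MiB image.
    bad = make_test_image(2048, [(0x83, 63, 0xFFFFFFFF)])
    print(safe_probe(bad))
```

The design choice worth noting is that the probe never follows a pointer it has not first compared against the real size of the file; a real probe that goes on to parse filesystems or bootloader configuration has to apply the same discipline to every length field in those structures, which is what makes the libguestfs security notes relevant even when the image will be booted anyway.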