Re: SPICE and guest breakout risk assessment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/30/2013 08:44 AM, adrelanos wrote:
> Hi,
> 
> I am currently working on testing out KVM as a platform for Whonix, a
> Debian based spin with anonymity enforcement via usage of virtual
> machines. All traffic from a workstation vm is forced through a Tor
> gateway on the second gateway vm. Safeguarding against high level
> attacks (0days and advanced persistent threats) is our top priority and
> so right now we are hammering out the details of what virtual hardware
> should be attached into the vms.
> 
> In your opinion is enabling SPICE and 2D acceleration via QXL+vdagent in
> the guest, a security risk to the host? Consider this question in a
> scenario where the host is a RedHat derivative that has SElinux and
> secomp enabled for QEMU. We want to find out whether this is a case of
> security vs convenience.

Enabling spice adds more code running on the host in the same context as
the qemu process (libspice-server is linked to qemu), so I'd say yes
(not sure what risk is acceptable, or what risk means exactly, but it is
a risk in the english sense :).

> 
> Thanks for you time.
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
> 

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]