[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Re: Re: Killing KQEMU
From: |
Paul Brook |
Subject: |
Re: [Qemu-devel] Re: Re: Killing KQEMU |
Date: |
Thu, 4 Jun 2009 01:22:33 +0100 |
User-agent: |
KMail/1.11.2 (Linux/2.6.29-2-amd64; KDE/4.2.4; x86_64; ; ) |
> > More like "impossible because it *should* never happen". kqemu is not
> > known to be secure.
>
> Did you mean "kqemu is known to not be secure" or is this just FUD?
AFAIK noone has produced a real-work exploit, but see below.
> The KQEMU technical documentation on the QEMU website specifically
> stresses that no VM code is run at kernel level, so someone was thinking
> about security when it was written.
Absolutely not.
The fact that all guest code is run in ring3 is in no way in indication that
the end result is secure. I know from experience[1] that there are many ways
that such a VM an be compromised. Pretty much every mainstream x86 operating
system in the last 15 years runs application code in ring3, but that doesn't
mean they're even vaguely secure.
My understanding is that kqemu is known to not work correctly under certain
circumstances. It's possible that this never occurs when common guest
operating systems are operating normally. However if a guest is compromised it
is likely that it will be able to either compromise or DoS(crash) the host
machine. Empirical evidence suggests that in practice this happens even
without malicious intent.
Paul
[1] I wrote a prototype kqemu equivalent, so have been intimately familiar
with many of the things that can go wrong.
- [Qemu-devel] Re: Killing KQEMU, (continued)
- Re: [Qemu-devel] Re: Killing KQEMU, Andreas Färber, 2009/06/06
- Re: [Qemu-devel] Re: Killing KQEMU, Paul Brook, 2009/06/06
- Re: [Qemu-devel] Re: Killing KQEMU, Andreas Färber, 2009/06/06
- Re: [Qemu-devel] Re: Killing KQEMU, Gleb Natapov, 2009/06/06
- Re: [Qemu-devel] Re: Killing KQEMU, Avi Kivity, 2009/06/06
- Re: [Qemu-devel] Re: Killing KQEMU, Gerd Hoffmann, 2009/06/02
- Re: [Qemu-devel] Re: Killing KQEMU, Stuart Brady, 2009/06/02
- [Qemu-devel] Re: Re: Killing KQEMU, Chris Frey, 2009/06/03
- Re: [Qemu-devel] Re: Re: Killing KQEMU,
Paul Brook <=
Re: [Qemu-devel] Killing KQEMU, Gleb Natapov, 2009/06/02
Re: [Qemu-devel] Killing KQEMU, Anton D Kachalov, 2009/06/02