qemu-devel

Re: [Qemu-devel] [RFC] host and guest kernel trace merging


From: Eric Blake
Subject: Re: [Qemu-devel] [RFC] host and guest kernel trace merging
Date: Mon, 7 Mar 2016 09:10:10 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

On 03/07/2016 08:49 AM, Steven Rostedt wrote:
> On Mon, 7 Mar 2016 15:17:05 +0000
> Stefan Hajnoczi <address@hidden> wrote:
> 
> 
>> qemu-guest-agent runs inside the guest and replies to RPC commands from
>> the host.  It is used for backups, shutdown, network configuration, etc.
>> From time to time people have wanted the ability to execute an arbitrary
>> command inside the guest and return the output.  This functionality has
>> never been merged, probably for the security reason.
> 
> How's the connection set up? That is, how does it know the commands are
> coming from the host? And how does it know that the commands from the
> host are from a trusted source? If the host is compromised, is there
> anything keeping an intruder from controlling the guest?

qemu-guest-agent uses a virtio channel, so only the host can be driving
that channel.  But how can a guest know that it trusts the host? It
can't.  A compromised host implicitly compromises all guests, and that's
always been the case.  At least qemu-guest-agent doesn't make the window
any larger.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
