Re: [libvirt] Malicious guests and entropy pool access risks
On 29.09.2016 22:43, bancfc(a)openmailbox.org wrote:
Hello. While I've been enabling virtio-rng since it became
available I
recently understood that without restrictions a malicious guest can
potentially starve other VMs' entropy by overusing /dev/random so I set
the rate limit.
Another question comes to mind. Does the way virtio-rng works pose a
security risk? - does it allow the guest to spy on the host's entropy
pool? (If so I'll have to disable it for untrusted VMs immediately)
Well, is it possible from say X bytes of /dev/random predict X+1 byte?
If yes, then this is a security risk. If no, then you should be safe.
But I'm no security expert.
Michal