Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access
On 08/25/2017 12:41 PM, Martin Kletzander wrote:
On Fri, Aug 25, 2017 at 10:29:03AM +0000, Zhangbo (Oscar) wrote:
>>
>> Host can read all of the guest's memory or mount the image and modify
>> the guest agent. Or even add their own communication program that can
>> do anything.
>>
>
> I get your point now! :) Thanks a lot!!
>
> Further more, kvm seems not as secure as xen, because xen isolates
> dom0 and domU well,
> The administrator on dom0 couldn't access many things belonged to domUs.
> How to solve such problem in kvm? Any scheme?
I don't know xen much, but maybe AMD SEV or everything-signed-by TPM
would help...
I'm no HW guy, but SEV looks like protection against physical attacks,
i.e. a guy working for some government agency walking around your server
room with a load of liquid gas. At first Intel's SGX [1] looked
promising, but apparently it's flawed. So currently I don't think
there's anything we can do. Except not give out root access to everyone.
Michal
1: https://en.wikipedia.org/wiki/Software_Guard_Extensions