28 Aug
2017
28 Aug
'17
7:24 a.m.
On Sat, Aug 26, 2017 at 01:05:46 +0000, Zhangbo (Oscar) wrote:
On Fri, Aug 25, 2017 at 08:52:16 +0000, Zhangbo (Oscar) wrote:
On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:
[...]
If you don't trust the host, don't use it. There's no protection from reading the memory or disk images currently. See [1]. Note that even without the API, root can access all the stuff.
Thank you very much for the detailed reply, any future plan to solve such problem(host has too high authority to access guests' memory things)? What will be the potential mitigation?
The best mitigation is to not allow unauthorized access to the host. In other words: if you don't trust your cloud provider, host your stuff yourself.