Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access
On Sat, Aug 26, 2017 at 01:05:46 +0000, Zhangbo (Oscar) wrote:
>On Fri, Aug 25, 2017 at 08:52:16 +0000, Zhangbo (Oscar) wrote:
>> >On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:
[...]
>If you don't trust the host, don't use it. There's no
protection from
>reading the memory or disk images currently. See [1]. Note that even
>without the API, root can access all the stuff.
Thank you very much for the detailed reply, any future plan to solve such problem(host
has too high authority to access guests' memory things)? What will be the potential
mitigation?
The best mitigation is to not allow unauthorized access to the host. In
other words: if you don't trust your cloud provider, host your stuff
yourself.
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)