[libvirt] Malicious guests and entropy pool access risks
Hello. While I've been enabling virtio-rng since it became available I recently understood that without restrictions a malicious guest can potentially starve other VMs' entropy by overusing /dev/random so I set the rate limit. Another question comes to mind. Does the way virtio-rng works pose a security risk? - does it allow the guest to spy on the host's entropy pool? (If so I'll have to disable it for untrusted VMs immediately)
On 29.09.2016 22:43, bancfc@openmailbox.org wrote:
Hello. While I've been enabling virtio-rng since it became available I recently understood that without restrictions a malicious guest can potentially starve other VMs' entropy by overusing /dev/random so I set the rate limit.
Another question comes to mind. Does the way virtio-rng works pose a security risk? - does it allow the guest to spy on the host's entropy pool? (If so I'll have to disable it for untrusted VMs immediately)
Well, is it possible from say X bytes of /dev/random predict X+1 byte? If yes, then this is a security risk. If no, then you should be safe. But I'm no security expert. Michal
participants (2)
-
bancfc@openmailbox.org -
Michal Privoznik