From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Richard W.M. Jones"
Subject: Re: Guest kernel device compatability auto-detection
Date: Fri, 26 Aug 2011 09:04:55 +0100
Message-ID: <20110826080455.GF3905@amd.home.annexia.org>
References: <1314249688.3459.23.camel@lappy>
 <4E55DE90.2020503@redhat.com>
 <20110825073212.GD3905@amd.home.annexia.org>
 <1314258034.3692.7.camel@lappy>
 <20110825074825.GA1106@amd.home.annexia.org>
 <20110825100124.GA3197@amd.home.annexia.org>
 <559DD0FA4608774CA06F6DFA0F16FE830C96C30D@ex2k.bankofamerica.com>
 <1314339765.3647.22.camel@lappy>
In-Reply-To: <1314339765.3647.22.camel@lappy>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: Sasha Levin
Cc: kvm, "qemu-devel@nongnu.org", "Decker, Schorschi", Avi Kivity
List-Id: kvm.vger.kernel.org

On Fri, Aug 26, 2011 at 09:22:45AM +0300, Sasha Levin wrote:
> On Thu, 2011-08-25 at 16:25 +0000, Decker, Schorschi wrote:
> > 2) implement the feature as an agent in the guest OS where the
> > hypervisor can only query the guest OS agent, using a standard TCP/IP
> > methodology.
>
> I was planning to implement it by probing the image before
> actually booting it. This process is completely offline and doesn't
> require interaction with the guest. The guest isn't even running at
> that point.

There are still plenty of security issues to be concerned about with
handling an offline guest. It is quite possible for such a guest to
be booby-trapped in a way that allows an exploit.

I summarised some of the issues I thought about here, but there are
likely to be others:

http://libguestfs.org/guestfs.3.html#security

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw