From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Richard W.M. Jones"
Subject: Re: [Qemu-devel] Guest kernel device compatability auto-detection
Date: Fri, 26 Aug 2011 11:28:18 +0100
Message-ID: <20110826102818.GG3905@amd.home.annexia.org>
References: <1314249688.3459.23.camel@lappy>
 <4E55DE90.2020503@redhat.com>
 <20110825073212.GD3905@amd.home.annexia.org>
 <1314258034.3692.7.camel@lappy>
 <20110825074825.GA1106@amd.home.annexia.org>
 <20110825100124.GA3197@amd.home.annexia.org>
 <559DD0FA4608774CA06F6DFA0F16FE830C96C30D@ex2k.bankofamerica.com>
 <1314339765.3647.22.camel@lappy>
 <20110826080455.GF3905@amd.home.annexia.org>
 <1314353929.3647.42.camel@lappy>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Decker, Schorschi", "qemu-devel@nongnu.org", Avi Kivity, kvm
To: Sasha Levin
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:62101 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754882Ab1HZK2X (ORCPT ); Fri, 26 Aug 2011 06:28:23 -0400
Content-Disposition: inline
In-Reply-To: <1314353929.3647.42.camel@lappy>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Fri, Aug 26, 2011 at 01:18:49PM +0300, Sasha Levin wrote:
> On Fri, 2011-08-26 at 09:04 +0100, Richard W.M. Jones wrote:
> > On Fri, Aug 26, 2011 at 09:22:45AM +0300, Sasha Levin wrote:
> > > On Thu, 2011-08-25 at 16:25 +0000, Decker, Schorschi wrote:
> > > > 2) implement the feature as an agent in the guest OS where the
> > > > hypervisor can only query the guest OS agent, using a standard TCP/IP
> > > > methodology.
> > >
> > > I was planning to implement it by probing the image before
> > > actually booting it. This process is completely offline and doesn't
> > > require interaction with the guest. The guest isn't even running at
> > > that point.
> >
> > There are still plenty of security issues to be concerned about with
> > handling an offline guest. It is quite possible for such a guest to
> > be booby-trapped in a way that allows an exploit. I summarised some
> > of the issues I thought about here, but there are likely to be others:
> >
> > http://libguestfs.org/guestfs.3.html#security
>
> That was an interesting read.
>
> Are the concerns still valid if we were going to boot the image anyway
> later on?

Yes.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org