[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Zhangbo (Oscar) Thu, 24 Aug 2017 23:53:03 -0700

Hi all:
     The Host Administrator is capable of running any exec in guests via the 
qemu-ga command "guest-exec", eg:


        virsh qemu-agent-command test_guest '{"execute": "guest-exec", 
"arguments": {"path": "ifconfig", "arg": [ "eth1", "192.168.0.99" 
],"capture-output": true } }'
{"return":{"pid":12425}}
       virsh qemu-agent-command test_guest '{"execute": "guest-exec-status", 
"arguments": { "pid": 12425 } }'
{"return":{"exitcode":0,"exited":true}}

      The example above just change the guests' ip address, the Administrator 
may also change guests' user password, get sensitive information, etc. which 
causes Insider Access.
      The Administrator also can use other commands such as " guest-file-open" 
that also cause Insider Access.

      So, how to avoid this security problem, what's your suggestion?
      Thanks!

Best Regrads
Oscar

--
libvir-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Reply via email to