On Fri, Aug 25, 2017 at 06:45:18 +0000, Zhangbo (Oscar) wrote:
> Hi all:
> The Host Administrator is capable of running any exec in guests via the
> qemu-ga command "guest-exec", eg:
>
> virsh qemu-agent-command test_guest '{"execute": "guest-exec",
> "arguments": {"path": "ifconfig", "arg": [ "eth1", "192.168.0.99"
> ],"capture-output": true } }'
> {"return":{"pid":12425}}
> virsh qemu-agent-command test_guest '{"execute": "guest-exec-status",
> "arguments": { "pid": 12425 } }'
> {"return":{"exitcode":0,"exited":true}}
>
> The example above just change the guests' ip address, the Administrator
> may also change guests' user password, get sensitive information, etc. which
> causes Insider Access.
> The Administrator also can use other commands such as "
> guest-file-open" that also cause Insider Access.
>
> So, how to avoid this security problem, what's your suggestion?You can use the "--blacklist" facility of qemu-ga to disable APIs you don't want to support. Or don't run the guest agent at all.
signature.asc
Description: PGP signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
