* Anthony Liguori <aliguori@xxxxxxxxxxxxxxxxxx> wrote:

> On 03/16/2010 10:52 AM, Ingo Molnar wrote:
> > You are quite mistaken: KVM isn't really a 'random unprivileged application' in
> > this context, it is clearly an extension of system/kernel services.
> >
> > ( Which can be seen from the simple fact that what started the discussion was
> > 'how do we get /proc/kallsyms from the guest'. I.e. an extension of the
> > existing host-space /proc/kallsyms was desired. )
>
> Random tools (like perf) should not be able to do what you describe. It's a
> security nightmare.

A security nightmare exactly how? Mind to go into details as I don't understand
your point.

> No way. The guest has sensitive data and exposing it widely on the host is
> a bad thing to do. [...]

Firstly, you are putting words into my mouth, as I said nothing about
'exposing it widely'. I suggest exposing it under the privileges of whoever
has access to the guest image.

Secondly, regarding confidentiality, and this is guest security 101: whoever
can access the image on the host _already_ has access to all the guest data!

A Linux image can generally be loopback mounted straight away:

  losetup -o 32256 /dev/loop0 ./guest-image.img
  mount -o ro /dev/loop0 /mnt-guest

(Or, if you are an unprivileged user who cannot mount, it can be read via ext2
tools.)

There's nothing the guest can do about that. The host is in total control of
guest image data for heaven's sake!

All I'm suggesting is to make what is already possible more convenient.

	Ingo
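
An added example, not part of the original message: the `-o 32256` in the losetup command above equals 63 sectors of 512 bytes, and the sketch below reads that offset from a raw image's MBR and checks whether the image file is readable beyond its owner, which is the access that decides who on the host can see guest data. It assumes a raw, MBR-partitioned image with 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import os
import stat
import struct
import tempfile

SECTOR = 512  # assumption: logical sector size of the raw image


def partition_offsets(path):
    """Return (slot, type, byte_offset, byte_length) for each used MBR entry."""
    with open(path, "rb") as f:
        mbr = f.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature; not a partitioned raw image")
    found = []
    for slot in range(4):
        # Four 16-byte partition entries start at byte 446 of the MBR.
        entry = mbr[446 + 16 * slot: 446 + 16 * (slot + 1)]
        ptype = entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and sectors != 0:
            found.append((slot + 1, ptype, start_lba * SECTOR, sectors * SECTOR))
    return found


def readable_beyond_owner(path):
    """True if group or other mode bits grant read access to the image."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def make_sample_image(mode=0o644):
    """Constructed sample: bare MBR with one Linux (0x83) partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x83, b"\0\0\0", 63, 2048)
    mbr[510:512] = b"\x55\xaa"
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(mbr)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    img = make_sample_image()
    for slot, ptype, offset, length in partition_offsets(img):
        print(f"partition {slot} type 0x{ptype:02x}: losetup -o {offset}")
    print("readable beyond owner:", readable_beyond_owner(img))
    os.unlink(img)
```
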