From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50047)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bs41W-0008TL-RN
	for qemu-devel@nongnu.org; Thu, 06 Oct 2016 04:27:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bs41S-0005HV-QI
	for qemu-devel@nongnu.org; Thu, 06 Oct 2016 04:27:26 -0400
Received: from mx1.redhat.com ([209.132.183.28]:44622)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bs41S-0005HO-Jt
	for qemu-devel@nongnu.org; Thu, 06 Oct 2016 04:27:22 -0400
From: Markus Armbruster <armbru@redhat.com>
References: <CAOgv842jzM0LPuqkdBzR=BhPk==Hm+d4Xep++UN4oHfWmJksGA@mail.gmail.com>
	<07793b5d-2702-224f-fc9e-7b8328d0d3c1@redhat.com>
Date: Thu, 06 Oct 2016 10:27:19 +0200
In-Reply-To: <07793b5d-2702-224f-fc9e-7b8328d0d3c1@redhat.com> (Paolo
	Bonzini's message of "Thu, 6 Oct 2016 09:15:12 +0200")
Message-ID: <87y421hogo.fsf@dusky.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] QEMU - Security Research Questions
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Joey Connelly <joeyconnelly@u.boisestate.edu>, qemu-devel@nongnu.org

Paolo Bonzini <pbonzini@redhat.com> writes:

> On 06/10/2016 02:10, Joey Connelly wrote:
>> Hey QEMU dev group,
>> I'm a graduate student at Boise State University working on my thesis
>> involving Virtualization/Cloud Computing Security and I wanted to ask a few
>> questions:
>> 
>> *[QUESTION#1.]* From within a guest KVM/QEMU process (qemu-system-x86_64
>> -enable-kvm) can the VM invoke commands on its host - either through QEMU
>> Monitor Console commands, or by some other means I'm unaware of?
>> 
>> *[QUESTION#**2.]* Can a host administrator running a guest KVM/QEMU process
>> have QEMU Monitor Console commands invoked on that guest VM if *no*
>> "-monitor" option was used?
>>
>> *[QUESTION#**3.]* If a host admin creates a KVM/QEMU process with the
>> "qemu-system-x86_64 -enable-kvm -netdev tap,<...>" options is there a
>> KVM/QEMU specific way to query the "tap,<...>" information later after the
>> process has been created? (assuming your admin account maintains ring 0
>> permissions)
>
> No to all three.

The pedantically correct answer to #2 would be "not easily": you'd have
to play games with a debugger.