From: Sasha Levin
Subject: Re: [Qemu-devel] Guest kernel device compatability auto-detection
Date: Fri, 26 Aug 2011 13:18:49 +0300
Message-ID: <1314353929.3647.42.camel@lappy>
In-Reply-To: <20110826080455.GF3905@amd.home.annexia.org>
To: "Richard W.M. Jones"
Cc: "Decker, Schorschi", "qemu-devel@nongnu.org", Avi Kivity, kvm

On Fri, 2011-08-26 at 09:04 +0100, Richard W.M. Jones wrote:
> On Fri, Aug 26, 2011 at 09:22:45AM +0300, Sasha Levin wrote:
> > On Thu, 2011-08-25 at 16:25 +0000, Decker, Schorschi wrote:
> > > 2) implement the feature as an agent in the guest OS where the
> > > hypervisor can only query the guest OS agent, using a standard TCP/IP
> > > methodology.
> >
> > I was planning to implement it by probing the image before
> > actually booting it. This process is completely offline and doesn't
> > require interaction with the guest. The guest isn't even running at
> > that point.
>
> There are still plenty of security issues to be concerned about with
> handling an offline guest. It is quite possible for such a guest to
> be booby-trapped in a way that allows an exploit. I summarised some
> of the issues I thought about here, but there are likely to be others:
>
> http://libguestfs.org/guestfs.3.html#security

That was an interesting read.

Are the concerns still valid if we were going to boot the image anyway
later on? I'm assuming that probing would happen only before we're
trying to boot a guest, and not just probe any image file we find.

--
Sasha.