[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QEMU - Security Research Questions
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] QEMU - Security Research Questions |
Date: |
Thu, 6 Oct 2016 09:15:12 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 |
On 06/10/2016 02:10, Joey Connelly wrote:
> Hey QEMU dev group,
> I'm a graduate student at Boise State University working on my thesis
> involving Virtualization/Cloud Computing Security and I wanted to ask a few
> questions:
>
> *[QUESTION#1.]* From within a guest KVM/QEMU process (qemu-system-x86_64
> -enable-kvm) can the VM invoke commands on its host - either through QEMU
> Monitor Console commands, or by some other means I'm unaware of?
>
> *[QUESTION#**2.]* Can a host administrator running a guest KVM/QEMU process
> have QEMU Monitor Console commands invoked on that guest VM if *no*
> "-monitor" option was used?
>
> *[QUESTION#**3.]* If a host admin creates a KVM/QEMU process with the
> "qemu-system-x86_64 -enable-kvm -netdev tap,<...>" options is there a
> KVM/QEMU specific way to query the "tap,<...>" information later after the
> process has been created? (assuming your admin account maintains ring 0
> permissions)
No to all three.
Paolo