On 07/03/2016 17:26, Steven Rostedt wrote:
> > > How's the connection set up. That is, how does it know the commands are
> > > coming from the host? And how does it know that the commands from the
> > > host is from a trusted source? If the host is compromised, is there
> > > anything keeping an intruder from controlling the guest?
> >
> > qemu-guest-agent uses a virtio channel, so only the host can be driving
> > that channel. But how can a guest know that it trusts the host? It
> > can't. A compromised host implicitly compromises all guests, and that's
> > always been the case. At least qemu-guest-agent doesn't make the window
> > any larger.
>
> I should have been a bit more clear about what I meant by "host is
> compromised". I should have asked, what about untrusted tasks on the
> host. Is the channel protected where only admin users can access it?

The other side of the channel is typically a socket or a pty, so it's
protected by file permissions, SELinux, and the like.

Paolo
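Added example, not part of the original thread or of QEMU: a host-side audit of the file permissions on a channel endpoint, answering the "only admin users" question for the discretionary permission bits. It does not evaluate SELinux policy; the function names, the socket name qga.sock and the temporary directory are assumptions made for the illustration.

```python
import os
import socket
import stat
import tempfile


def audit_endpoint(path, trusted_uids=(0,)):
    """Return findings about who, besides trusted uids, can drive the endpoint."""
    findings = []
    st = os.lstat(path)
    if not (stat.S_ISSOCK(st.st_mode) or stat.S_ISCHR(st.st_mode)):
        findings.append("not a UNIX socket or character device (pty)")
    if st.st_uid not in trusted_uids:
        findings.append(f"owned by untrusted uid {st.st_uid}")
    # On Linux, connecting to a UNIX socket or opening a pty for writing
    # requires write permission on the file itself.
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can drive the channel")
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"group-writable by gid {st.st_gid}: review its members")
    # A writable containing directory lets another user replace the endpoint.
    # Only the immediate parent is checked here, not the whole path.
    ds = os.stat(os.path.dirname(os.path.abspath(path)))
    if ds.st_mode & (stat.S_IWOTH | stat.S_IWGRP) and not ds.st_mode & stat.S_ISVTX:
        findings.append("parent directory writable by others without sticky bit")
    return findings


def demo():
    """Constructed sample: a throwaway socket standing in for the channel."""
    d = tempfile.mkdtemp()               # created with mode 0700
    path = os.path.join(d, "qga.sock")   # hypothetical endpoint name
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    try:
        me = (os.getuid(),)              # treat the current user as the admin
        os.chmod(path, 0o666)            # weak: everyone may connect
        weak = audit_endpoint(path, me)
        os.chmod(path, 0o600)            # tight: owner only
        tight = audit_endpoint(path, me)
    finally:
        s.close()
        os.unlink(path)
        os.rmdir(d)
    return weak, tight


if __name__ == "__main__":
    for label, result in zip(("0666", "0600"), demo()):
        print(label, result or "no findings")
```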