[Gllug] Memory scanning

James Courtier-Dutton james.dutton at gmail.com
Mon Sep 6 13:03:02 UTC 2010


On 6 September 2010 13:28, Daniel P. Berrange <dan at berrange.com> wrote:
> On Mon, Sep 06, 2010 at 01:22:04PM +0100, James Courtier-Dutton wrote:
>> On 6 September 2010 13:13, Richard Jones <rich at annexia.org> wrote:
>> > On Mon, Sep 06, 2010 at 01:10:24PM +0100, James Courtier-Dutton wrote:
>> >> Fortunately, the guest OS to host OS attack surface is small,
>> >
>> > Ha ha ha, yes, you keep on believing :-)
>> >
>>
>> Ha ha ha, yes, the guest OS to host OS attack surface is approx equal
>> to x86_amd64 CPU instruction set!!!
>> So, my use of the "small" word was maybe a little off the mark. ;-)
>
> It is not just the instruction set you need to be worried about. If
> you look at the security updates, there's a good mix of flaws from
> the instruction handling, with flaws in the QEMU device emulation
> layer. It is "fun"[1] trying to make QEMU have the lowest possible
> privileges, while still giving it access to privileged resources
> like disks, TAP devices, host PCI & USB devices and who knows what
> else the user wants their guest to access.
>
True
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



