Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself?
On 08.04.2014 15:11, James B. Byrne wrote:
Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself?
I don't think your other VMs would be in any danger. This is a classic example where you can say virtualisation can be used safely and where the technology is better than mere "containers" which would arguably put you in a bad spot.
Imagine that is if a silly OpenSSL exploit could access the physical host, what a full fledged program could do. This is not the case, clearly; it would mean Google Compute Engine (and all KVM providers) would suddenly be pwned.
Lucian
-
James B. Byrne -
Nux!