[Whonix-devel] Fwd: Re: [libvirt-users] QEMU guest-agent safety in hostile VM?

procmem procmem at riseup.net
Thu Mar 1 00:28:32 CET 2018




-------- Forwarded Message --------
Subject: Re: [libvirt-users] QEMU guest-agent safety in hostile VM?
Date: Wed, 28 Feb 2018 19:22:22 +0000
From: Daniel P. Berrangé <berrange at redhat.com>
Reply-To: Daniel P. Berrangé <berrange at redhat.com>
To: procmem <procmem at riseup.net>

On Wed, Feb 28, 2018 at 07:15:47PM +0000, procmem wrote:
> 
> 
> Daniel P. Berrangé:
> > On Wed, Feb 28, 2018 at 07:02:53PM +0000, procmem wrote:
> >>
> >>
> >> Daniel P. Berrangé:
> >>> On Wed, Feb 28, 2018 at 06:11:52PM +0000, procmem wrote:
> >>>> Hi. Is it still considered risky to use the QEMU guest agent in an
> >>>> untrusted guest? A warning on these lines was written in the manual a
> >>>> few years back when the feature made its debut. I wanted to know if it
> >>>> was hardened since.
> >>>
> >>> Anything running on the host that relies on the guest agent needs to be
> >>> written to expect a hostile agent. The agent may simply never respond
> >>> to commands, or may return you completely garbage data. There's nothing
> >>> we can do to prevent this, since the guest agent is under the guest OS
> >>> admin's control. So host apps/admins need to be super-paranoid when
> >>> dealing with / interpreting any response.
> >>>
> >>> Libvirt should at least take care of parsing the response and timing
> >>> out if it doesn't reply in time. We can't guarantee the info libvirt
> >>> gets back is sane though.
> >>>
> >>
> >> Understood, but as far as VM escapes are concerned, I'm good?
> > 
> > If the process on the host that is reading from the guest agent has a bug
> > in its handling of agent replies, it is conceivable that the guest could
> > feed it just the right data to cause arbitrary code execution. It entirely
> > depends on what the bug is though and I don't know of any such bugs. This
> > would be the same kind of scenario as any network based server that had a
> > remote code execution flaw. These things aren't common, but there's never
> > any guarantee the implementation is perfect.
> > 
> > Regards,
> > Daniel
> > 
> 
> 
> Thanks for your reply. I should have referenced the original doc I was
> asking about.
> 
> https://wiki.qemu.org/Features/GuestAgent#Security_Considerations
> 
> " The following security issues need to be resolved in QMP:
> 
>     The JSON parser uses a recursive descent parser. Malicious input
> could potentially cause a stack overflow. Either implement a recursion
> depth counter, or switch the parser to only use tail recursion.
>     The JSON parser may not handle premature EOI all that well. I think
> I've worked out most of these issues but more rigorous testing is needed. "

From QEMU's pov that's not an issue, since QEMU isn't responsible for
talking to the guest agent - libvirt owns that job. Libvirt uses the
YAJL parser, I don't think that's a rec descent parser, but I've
honestly not checked.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-             https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
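The wiki text quoted in the thread names two hazards of a recursive-descent JSON parser fed by a hostile guest: unbounded recursion on deeply nested input and poor handling of premature end of input. As an added example that is not QEMU's, libvirt's or the poster's code, the minimal structure validator below shows the fix the quote proposes: every container level carries a depth counter and bails out at a caller-chosen limit instead of recursing further, and unexpected end of input is rejected rather than read past. The `cursor` type, `json_validate` and its `max_depth` parameter are assumptions made for this example.

```c
#include <ctype.h>
/* Added example, not QEMU or libvirt code: a minimal recursive-descent JSON
 * structure validator carrying the recursion depth counter the wiki suggests. */
typedef struct { const char *p; int max_depth; } cursor;
static int parse_value(cursor *c, int depth);
static void skip_ws(cursor *c) { while (isspace((unsigned char)*c->p)) c->p++; }
static int parse_string(cursor *c) {           /* brackets inside strings don't nest */
    if (*c->p != '"') return 0;
    for (c->p++; *c->p && *c->p != '"'; c->p++)
        if (*c->p == '\\' && c->p[1]) c->p++;  /* skip the escaped character */
    if (*c->p != '"') return 0;                /* premature EOI: unterminated string */
    c->p++; return 1;
}
static int parse_container(cursor *c, int depth, char close) {  /* arrays and objects */
    if (depth > c->max_depth) return 0;        /* the depth counter: refuse to recurse */
    c->p++;                                    /* consume '[' or '{' */
    skip_ws(c);
    if (*c->p == close) { c->p++; return 1; }  /* empty [] or {} */
    for (;;) {
        skip_ws(c);
        if (close == '}') {                    /* object member: "key": value */
            if (!parse_string(c)) return 0;
            skip_ws(c);
            if (*c->p != ':') return 0;
            c->p++;
        }
        if (!parse_value(c, depth)) return 0;
        skip_ws(c);
        if (*c->p == ',') { c->p++; continue; }
        if (*c->p == close) { c->p++; return 1; }
        return 0;                              /* garbage or premature EOI */
    }
}
static int parse_value(cursor *c, int depth) {
    skip_ws(c);
    if (*c->p == '[') return parse_container(c, depth + 1, ']');
    if (*c->p == '{') return parse_container(c, depth + 1, '}');
    if (*c->p == '"') return parse_string(c);
    const char *s = c->p;                      /* number/true/false/null, not checked further */
    while (isalnum((unsigned char)*c->p) || *c->p == '-' || *c->p == '+' || *c->p == '.') c->p++;
    return c->p > s;
}
/* 1 if text is exactly one well-formed value nested at most max_depth deep, else 0. */
int json_validate(const char *text, int max_depth) {
    cursor c = { text, max_depth };
    if (!parse_value(&c, 0)) return 0;
    skip_ws(&c);
    return *c.p == '\0';
}
```

The validator is deliberately lenient about scalar syntax; its job is to bound nesting and reject truncated input before a fuller parser touches the bytes.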

