What are the security risks of running QEMU/KVM as root?

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What are the security risks of running QEMU/KVM as root?

From:	Maxime Guerreiro
Subject:	What are the security risks of running QEMU/KVM as root?
Date:	Tue, 25 Aug 2020 14:46:47 +0200

Hello,

I'd be interested to learn more about the security 'vision' of qemu/kvm being
two components, one running in-kernel, one running in user land. What are the
security advantages of running guests as non-root?

In case of a qemu or KVM vulnerability, won't malicious guests gain kernel
privilege no matter what user is running qemu?

If a guest is able to execute arbitrary code as the "qemu" user, can
it escalate to
root privileges using /dev/kvm?

I've also asked this on StackExchange [1], for visibility.

Thanks,
Maxime

[1]: 
https://security.stackexchange.com/questions/236681/what-are-the-security-risks-of-running-qemu-kvm-as-root

[Prev in Thread]

Current Thread

[Next in Thread]

What are the security risks of running QEMU/KVM as root?, Maxime Guerreiro <=

Prev by Date: Re: [RFC PATCH v2 1/4] hw/acpi/ich9: Trace ich9_gpe_readb()/writeb()
Next by Date: Re: [PATCH] meson: set colorout to auto
Previous by thread: [PATCH v2 00/10] trivial patchs for static code analyzer fixes
Next by thread: QEMU | Pipeline #181767431 has failed for master | 7774e403
Index(es):
- Date
- Thread