OpenVZ Forum


Home » General » Support » Guest tools question (Is it safe to use guest agents in public server?)
Guest tools question [message #52617] Fri, 11 November 2016 12:07 Go to next message
JimmFrem is currently offline  JimmFrem
Messages: 10
Registered: September 2016
Location: Europe
Junior Member
Hi,

I am reading RHEL documents and found that they do not recommend to use guest agents in production servers:

Quote:
Note that it is only safe to rely on the QEMU guest agent when run by trusted guests. An untrusted guest may maliciously ignore or abuse the guest agent protocol, and although built-in safeguards exist to prevent a denial of service attack on the host, the host requires guest co-operation for operations to run as expected.


I wonder if any changes regarding this issue were made in OpenVZ 7?
Re: Guest tools question [message #52620 is a reply to message #52617] Mon, 14 November 2016 10:03 Go to previous messageGo to next message
dim is currently offline  dim
Messages: 344
Registered: August 2005
Senior Member
Guest Agent's protocol is one-direction - from host to guest. It is a server inside guest, servicing requests from the host node.

In OpenVZ it is used for advanced guest configuration (network settings, user password, some performance statistics). If malicious user wants to deny such advanced configuration or stats - he can do it. But unlikely he'll be able to cause the host DoS.


http://static.openvz.org/openvz_userbar_en.gif
Re: Guest tools question [message #52634 is a reply to message #52620] Thu, 17 November 2016 15:03 Go to previous message
JimmFrem is currently offline  JimmFrem
Messages: 10
Registered: September 2016
Location: Europe
Junior Member
Thanks Smile
Previous Topic: Yum Mirror List Typos
Next Topic: Windows Guest Network Adapter Ejection
Goto Forum:
  


Current Time: Tue Mar 19 03:37:34 GMT 2024

Total time taken to generate the page: 0.02278 seconds