[Bug 840925] Re: Please make /dev/kvm world-accessible in 45-qemu-kvm.rules
Soren Hansen
soren at linux2go.dk
Wed Sep 7 13:26:44 UTC 2011
The problem back then was that anyone with access to /dev/kvm could
allocate an arbitrary amount of memory that could not be swapped out.
Dead-easy DoS. Since... I don't remember when, years ago at least,
memory used by kvm can be swapped out like all other memory, so it's in
terms of DoS by memory allocation, it's no more dangerous than giving
people access to run malloc. :)
You're also giving them access to execute certain cpu instructions they
otherwise wouldn't be able to, but -- modulo whatever security bugs
there might be, of course -- these aren't sensitive instructions (in the
way they're exposed through the kvm interface, that is). KVM was
designed to be safe to run this way.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to kvm in Ubuntu.
https://bugs.launchpad.net/bugs/840925
Title:
Please make /dev/kvm world-accessible in 45-qemu-kvm.rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/840925/+subscriptions
More information about the Ubuntu-server-bugs
mailing list