On Feb 20, Michael Tokarev <mjt@tls.msk.ru> wrote: > I'm not sure I understood your question. Ubuntu uses the same package > as Debian, RHEL comes from the same codebase, and the same manual page > exists on Debian too, and this manpage hasn't been changed (besides > minor tweaks) since its addition in 2015. Looks like I was looking at an old version then: now I have installed the buster version and it's there. > Speaking of a qemu-ga blacklist, -- well, from the host side of view > such a blacklist is more or less pointless, since host can even trace > every cpu instruction a guest does, if host wants to see files on the > guest it's not a problem at all, it have full access to everything. Sure, as long it does not use a modern AMD CPU with encrypted memory, but still I think that there is a big difference between peeking at RAM and accessing everything with an handy API. > What blacklist is "sensible" from your PoV? By default it should prevent information leak from the guest. guest-file-open guest-file-close guest-file-read guest-file-write guest-file-seek guest-file-flush guest-get-memory-blocks guest-set-memory-blocks guest-get-memory-block-info guest-exec-status guest-exec -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature