Am 13.10.2017 um 11:37 schrieb Cornelia Huck: > On Fri, 13 Oct 2017 11:10:05 +0200 > Stefan Weil <s...@weilnetz.de> wrote: > >> Hi, >> >> the German Bundesamt für Sicherheit in der Informationstechnik >> (Federal Office for Information Security) published a study on >> the security of KVM and QEMU: >> >> https://www.bsi.bund.de/DE/Publikationen/Studien/Sicherheitsanalyse_KVM/sicherheitsanalyse_kvm.html >> >> (article only available in German) > Thanks for posting this! > > I only looked at the conclusion for now. Some interesting points: > > - They state that QEMU's source code is well structured, readable and > maintainable. I wonder what kind of source code they usually deal > with ;) > - Most problems noted seemed to be related to signed<->unsigned > conversions, but none were found to be exploitable. > - They liked hardening via stack protection, NX, and ASLR, as well as > the mechanisms used by libvirt. > - They generally seemed to be happy with QEMU being deployed via > libvirt. > - Restrictions imposed via KVM (guest access to some CPU registers) > scored positive points. They did not like that Hyper-V and PMU were > not deconfigurable. > - Lack of support for encryption/signing of network-based images was > criticized. They ended up using Ceph and GlusterFS, which they were > reasonably happy with. > > That's just from a quick browse.
I already found some weaknesses in the study: * It makes the wrong assumption that all maintainers have write access to the git repository. (chapter 5.3) * It does not mention important quality measures like Coverity Scan, Continuous Integration and automated tests. So QEMU is even better than the BSI thinks. :-) Stefan
