- Timestamp:
- Sep 3, 2015 11:58:45 AM (9 years ago)
- Location:
- trunk/doc/manual/en_US
- Files:
-
- 2 edited
-
user_GuestAdditions.xml (modified) (1 diff)
-
user_Security.xml (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/doc/manual/en_US/user_GuestAdditions.xml
r57607 r57609 1857 1857 linkend="metrics" /> for information on how to query metrics.</para> 1858 1858 1859 <note><para>Enabling Page Fusion might i mprove the chances for malicious1860 guests to successfully attack other VMs running on the same host using1861 side-channel attacks, see <xref linkend="pot-insecure"/>.</para></note>1859 <note><para>Enabling Page Fusion might indirectly increase the chances 1860 for malicious guests to successfully attack other VMs running on the 1861 same host, see <xref linkend="pot-insecure"/>.</para></note> 1862 1862 </sect2> 1863 1863 </sect1> -
trunk/doc/manual/en_US/user_Security.xml
r57607 r57609 330 330 <listitem> 331 331 <para>When Page Fusion (see <xref linkend="guestadd-pagefusion"/>) 332 is enabled, a malicious guest doing a side-channel attack could be 333 able to determine the address space layout of another guest running 334 on the same host. This would improve the chances of the malicious guest 335 to take advantage of other attack vectors he might have against the 336 target VM. To prevent potential malcious guest process from doing 337 such side-channel attacks, Page Fusion should be disabled.</para> 332 is enabled, it is possible that a side-channel opens up that allows 333 a malicious guest to determin the address space layout (i.e. where 334 DLLs are typically loaded) of one other VM running on the same host. 335 This information leak in it self is harmless, however the malicious 336 guest may use it to optimize attack against that VM via unrelated 337 attack vectors. It is recommended to only enable Page Fusion if you 338 do not think this is a concern in your setup.</para> 338 339 </listitem> 339 340
Note:
See TracChangeset
for help on using the changeset viewer.
