Bugtraq mailing list archives
Re: Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
From: Pavel Machek <pavel () UCW CZ>
Date: Sun, 5 Nov 2000 20:26:52 +0100
Hi!
[ FINAL WORDS ] This basically shows that you can't rely upon anything but a total instruction-level emulation to make a real-looking and yet secure cage. We look forward to such a product as it would be a great tool in intrusion detection. As VMware shows, this can be done at least on x86 CPUs and it would surprise me if it wouldn't be possible on other platforms (such as Sparc).
VMware is not really doing instruction-level emulation. It is doing dirty tricks with native execution to speed it up. bochs is doing full simulation, that's why it is slower than VMware. Anyway, the trickery VMware does is not required -- trapping all syscalls is exactly as good. If you take a look at user mode linux (it is available at sourceforge.net), you can do pretty much the same with the ptrace() interface. [And user mode linux is obviously open source, so it is practical to what you want].

Pavel
--
I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
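Added example, not part of the original message and not User Mode Linux code: a minimal C tracer that stops a child at every system call through ptrace(), the interception point the reply refers to. It assumes Linux; `trace_syscalls` is a hypothetical helper name, and the syscall number is printed only on x86-64.

```c
/* Added example (Linux): trap every system call of a child with ptrace(). */
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical helper: returns the syscall entries trapped (-1 on error). */
long trace_syscalls(char *const argv[], int *exit_code)
{
    int status, sig = 0, entering = 1;
    long trapped = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: ask to be traced, then exec */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(126);
        raise(SIGSTOP);                   /* park until the tracer is ready */
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* Report syscall stops as SIGTRAP|0x80 so they differ from real signals. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
               (void *)(long)PTRACE_O_TRACESYSGOOD) < 0) return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) { *exit_code = WEXITSTATUS(status); return trapped; }
        if (WIFSIGNALED(status)) { *exit_code = 128 + WTERMSIG(status); return trapped; }
        sig = 0;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            if (entering) {               /* a cage would inspect or deny here */
                trapped++;
#ifdef __x86_64__
                struct user_regs_struct regs;
                if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0)
                    fprintf(stderr, "syscall %lld\n", (long long)regs.orig_rax);
#endif
            }
            entering = !entering;         /* stops alternate: entry, then exit */
        } else if (WSTOPSIG(status) != SIGTRAP) sig = WSTOPSIG(status);
    }
}
int main(int argc, char **argv)
{
    int code = 0;
    long n = argc > 1 ? trace_syscalls(argv + 1, &code) : -1;
    fprintf(stderr, "%ld syscalls trapped, exit code %d\n", n, code);
    return n < 0;
}
```

The plain SIGTRAP that follows a successful execve is swallowed, while every other signal is forwarded to the child on the next resume.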