Bugtraq mailing list archives
Re: VMWare poor guest isolation design
From: Arthur Corliss <corliss () digitalmages com>
Date: Fri, 24 Aug 2007 10:03:28 -0800 (AKDT)
On Fri, 24 Aug 2007, Matt Richard wrote:
There are other methods of compromising guests without any requirements for API's, GUI's, etc - http://www.mnin.org/write/2006_vmshell_injection.pdf.
Let me preface my response with the admission that my primary virtualization platform is IBM pSeries, I'm not a big fan of Vmware. Even so, this represents, just like the API attack, a unidirectional attack vector, from the host OS to the guest. I simply don't understand why people are making a big deal about these things. If you don't have a secure host platform then you can't have *any* reasonable expectations of security in the guest to begin with. Now, if someone can prove an attack from one guest to another, or verify if two UIDs running vms can tamper with the other's vm, then there would be asecurity concern. Devoid of that, techniques like this are just one of a million reasons why no one makes reservations at the Bates Hotel. To expect otherwise makes you deserving of getting stabbed in the shower.
--Arthur Corliss Live Free or Die
Current thread:
- Re: VMWare poor guest isolation design, (continued)
- Re: VMWare poor guest isolation design Jonathan Yu (Aug 24)
- Re: VMWare poor guest isolation design Arthur Corliss (Aug 24)
- Re: VMWare poor guest isolation design Jonathan Yu (Aug 24)
- More on VMWare poor guest isolation design M. Burnett (Aug 25)
- Re: More on VMWare poor guest isolation design Tim Newsham (Aug 27)
- RE: More on VMWare poor guest isolation design M. Burnett (Aug 27)
- RE: More on VMWare poor guest isolation design Tim Newsham (Aug 30)
- RE: More on VMWare poor guest isolation design Arthur Corliss (Aug 30)
- Re: VMWare poor guest isolation design Jonathan Yu (Aug 24)
- Re: More on VMWare poor guest isolation design Wietse Venema (Aug 27)
- Re: VMWare poor guest isolation design Arthur Corliss (Aug 24)
- RE: VMWare poor guest isolation design Arthur Corliss (Aug 25)
- RE: VMWare poor guest isolation design Ken Kousky (Aug 27)
- RE: VMWare poor guest isolation design Arthur Corliss (Aug 30)