Bugtraq mailing list archives

RE: VMWare poor guest isolation design

From: "Ken Kousky" <kkousky () ip3inc com>
Date: Sat, 25 Aug 2007 13:30:30 -0400

I'm trying to understand how the vm actually prevents the buffer overflow
from injecting code that has direct hardware control? It seems that the code
injected into memory should be truly "arbitrary code" based on the physical
machine. 

Are there any good papers that explain how the vm shields against buffer
overflows?

KWK

-----Original Message-----
From: Arthur Corliss [mailto:corliss () digitalmages com] 
Sent: Friday, August 24, 2007 5:45 PM
To: Ken Kousky
Cc: bugtraq () securityfocus com
Subject: RE: VMWare poor guest isolation design

On Fri, 24 Aug 2007, Ken Kousky wrote:

This may be far off course but with all the discussions of VMWare  as a

safe

sandbox that has broad security value it seems we have to pay attention to
the assumptions. IF the virtual machine is operating properly, it can
provide a level of sandboxing and restrict session privileges for that
instance of the machine. However, the most common exploit in software
continues to be memory leakages or buffer overflows.

It seems to me that the code that can be injected through the most common
attack vector (buffer overflows) executes with full privileges of the real
hosting machine, there would be little benefit to the virtualization. Am I
missing something here?

Is there a way that the arbitrary code injected through a buffer overflow
can be constrained in the logical machine? It seems to me the VM can't
provide this protection???


VMs can do just that, isolate the damage to the vm, with no impact to the
host.  This discussion never addressed that, though, it was focused on the
premise that vms should be protected from the host operating system, which
is exceedingly impractical.  The host was never in danger from the
techniques discussed here.

I think you may be referring to sandboxes like chroot & jails which are not
quite as effective at isolating processes as the vm route.  They have a hell
of a lot less overhead, though.

        --Arthur Corliss
          Live Free or Die

Current thread:

More on VMWare poor guest isolation design, (continued)
- - - More on VMWare poor guest isolation design M. Burnett (Aug 25)
    - Re: More on VMWare poor guest isolation design Tim Newsham (Aug 27)
    - RE: More on VMWare poor guest isolation design M. Burnett (Aug 27)
    - RE: More on VMWare poor guest isolation design Tim Newsham (Aug 30)
    - RE: More on VMWare poor guest isolation design Arthur Corliss (Aug 30)
    - Re: More on VMWare poor guest isolation design Wietse Venema (Aug 27)
  - Re: VMWare poor guest isolation design Matt Richard (Aug 24)
    - Re: VMWare poor guest isolation design Arthur Corliss (Aug 24)
  - RE: VMWare poor guest isolation design Ken Kousky (Aug 25)
    - RE: VMWare poor guest isolation design Arthur Corliss (Aug 25)
    - RE: VMWare poor guest isolation design Ken Kousky (Aug 27)
    - RE: VMWare poor guest isolation design Arthur Corliss (Aug 30)
- Re: VMWare poor guest isolation design Tim Newsham (Aug 25)
- VMware poor guest isolation design VMware Security team (Aug 30)