Security Basics mailing list archives
Re: VMWare and Security
From: thomas seclists <thomas.seclists () gmail com>
Date: Tue, 26 Apr 2005 11:52:59 -0400
During a recent meeting with a VMWare rep, I gathered the following info about the OS of the current version of ESX: - Runs on a stripped down version of RedHat 7.2 - I believe he said it runs on a 2.4 kernel In addition: - ESX 3.0 will see an upgrade to a 'recent RedHat version' with a 2.6 kernel (lead me to believe RHEL - perhaps 4?) As for the difference between ESX and GSX - Product Comparison: http://www.vmware.com/products/server/server_comp.html -Thomas On 4/26/05, Rik Bobbaers <Rik.Bobbaers () cc kuleuven ac be> wrote:
On Monday 25 April 2005 12:12, P.B. Wagenaar wrote:As far as I know, ESX uses it's own OS and does not run on top of Windows i.e. (GSX is the version that runs on a host layer). So the ESX version uses its own virtualization layer. This could be considerd to be an Operating System right? And there are no security issues with this? What if someone starts writing an exploit for the ESX virtualization layer? Like a malformed TCP packet? The virtual machine (ie. Windows server 2003) might have no problems with the malformed packet, but it passes through the virtualization layer first. I am not saying that there is something wrong with this approach or that is less secure or whatever. I am just asking if all operating systems have had security related bugs, what are the chances the ESX has to go through this cycle also? And how would a security issue in the virtualization layer affect the virtual machines running on it? Once again, vmware is a great product in my eyes, and I can not see anything that is wrong with it being not begin secure or something. But if you can consider ESX to be an OS (like linux and windows), and most OS have had security issues at one time or another, how should an organization treat a new OS like ESX?let's put it different... ESX is a RedHat linux which is tuned by the vmware people... but what do the vmware people do to improve security on ESX? i think esx 2.5 sitll runs kernel 2.6.5 (iirc). i'd like to add another question... what's the advantage of ESX to GSX? (maintenance of a linux machine is peanuts, so that doesn't count ;)) -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org ASCII stupid question, get a stupid ANSI!
Current thread:
- VMWare and Security P.B. Wagenaar (Apr 18)
- <Possible follow-ups>
- RE: VMWare and Security P.B. Wagenaar (Apr 25)
- Re: VMWare and Security Rik Bobbaers (Apr 26)
- Re: VMWare and Security thomas seclists (Apr 26)
- Re: VMWare and Security Gene Yoo (Apr 26)
- RE: VMWare and Security Michael Rice (Apr 27)
- Re: VMWare and Security Rik Bobbaers (Apr 26)