[Dshield] VMware

Chris Brenton cbrenton at chrisbrenton.org
Fri Oct 14 14:52:58 GMT 2005


On Fri, 2005-10-14 at 10:10 -0400, John B. Holmblad wrote:
>
> you might want to recheck the assertions regarding vm software always 
> running in ring 0. I am not so sure of that myself.

Depends on the product. For example User Mode Linux will happily run
under a regular user account. Others do require root/system level of
access to function properly.

> Having said that I to have wondered about what kinds of security 
> exposures arise from VM systems.

Again, depends on the product as well as the application. There have
been exploits published in the past with different products that permit
a user on an image to break out and gain access to the host system. Of
course if the image is running as a regular user, *and* you've kept
local exploit patches up to date, this is less of an issue.

>  Now that Microsoft has gotten into the market with their 
> Virtual PC and Virtual Server products we will see even more instances 
> of such environments especially since Microsoft markets the concept of 
> server virtualization as a way to deal with the long tail of still 
> extant servers out there running Windows NT.

The concept is actually pretty cool. For example gone are the worries of
kernel level root kits as they can easily be monitored/detected from the
host system. Of course all this falls apart if the image is not a good
sandbox. 

HTH,
Chris




More information about the list mailing list