[Dshield] VMware

Stephane Grobety security at admin.fulgan.com
Fri Oct 14 15:17:52 GMT 2005


JBH> you might want to recheck the assertions regarding vm software always
JBH> running in ring 0. I am not so sure of that myself. Having said that I 
JBH> to have wondered about what kinds of security exposures arise from VM 
JBH> systems. Now that Microsoft has gotten into the market with their 
JBH> Virtual PC and Virtual Server products we will see even more instances 
JBH> of such environments especially since Microsoft markets the concept of 
JBH> server virtualization as a way to deal with the long tail of still 
JBH> extant servers out there running Windows NT.

IIRC VMWare and VirtualPC use diferent models for their virtual
machines: VirtualPC creates a virtual processor, complete with
register, L2 cache, etc. VMWare, on the other hand, allow the guest OS
to run on the real hardware CPU.

I'm not sure, however, than either of these have much to do with
the "ring" level at witch the process is running. Modern CPU, after
all, are designed specifically with a module dedicated to allow
process to share the same processor while retaining distinct memory
space: the Memory Manager Unit. Now, I'm not a real expect on that
thing so, if someone wants to comment on this, I'll be really a happy
bugger  (in particular since I can't seem to find any of my old
references on the subject any more) :P

Good luck,
Stephane



More information about the list mailing list