Network Security: Detailed info on Re: More on VMWare poor guest isolation design

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: More on VMWare poor guest isolation design

from [Wietse Venema] Network Security

[Permanent Link]

Subject:	Re: More on VMWare poor guest isolation design
Date:	Mon, 27 Aug 2007 10:37:35 -0400 (EDT)

M. Burnett:

It doesn't matter how secure all my guests are or that I use extremely
secure passwords or that I am current on all my patches or I am running a
super-tight firewall on each guest. A single API call bypasses all of that.


It doesn't even take an API. If you're running a virtual machine
from your own account, your account has control over the virtual
machine. It can subvert the hardware, it can modify the contents
of virtual memory, the virtual disk image, and so on.

This is a basic but often overlooked principle with virtualization:
a virtual machine is no more secure than the platform (or in this
case user account) it runs on.

        Wietse

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: VMWare poor guest isolation design, (continued) RE: VMWare poor guest isolation design, Arthur Corliss RE: VMWare poor guest isolation design, James C. Slora Jr. Re: VMWare poor guest isolation design, Jonathan Yu Re: VMWare poor guest isolation design, Arthur Corliss Re: VMWare poor guest isolation design, Jonathan Yu More on VMWare poor guest isolation design, M. Burnett Re: More on VMWare poor guest isolation design, Tim Newsham RE: More on VMWare poor guest isolation design, M. Burnett RE: More on VMWare poor guest isolation design, Tim Newsham RE: More on VMWare poor guest isolation design, Arthur Corliss Re: More on VMWare poor guest isolation design, Wietse Venema <= Re: VMWare poor guest isolation design, Matt Richard Re: VMWare poor guest isolation design, Arthur Corliss RE: VMWare poor guest isolation design, Ken Kousky RE: VMWare poor guest isolation design, Arthur Corliss RE: VMWare poor guest isolation design, Ken Kousky RE: VMWare poor guest isolation design, Arthur Corliss Re: VMWare poor guest isolation design, Tim Newsham VMware poor guest isolation design, VMware Security team

Previous by Date:	OpenBSD 4.1 - Heap overflow vulnerabillity, acheddamiman
Next by Date:	ePersonnel_RC_2004 Remote File Bug, system-errrror
Previous by Thread:	RE: More on VMWare poor guest isolation design, Arthur Corliss
Next by Thread:	Re: VMWare poor guest isolation design, Matt Richard
Indexes:	[Date] [Thread] [Top] [All Lists]