On 10/24/07, Damien Miller <[EMAIL PROTECTED]> wrote:
> You obviously didn't read Tavis' virtualisation security paper. VM escape
> vulnerabilities are not theoretical. Tavis found vulnerabilities in every
> VM he tested using only a couple of fuzzers.

Restating my earlier post again, in regards to Xen:

1. Ormandy states that Xen's design is congruent with good security
2. Ormandy doesn't actually demonstrate a DomU -> Dom0 escalation, and
   in fact, didn't test any HVMs at all.
3. Ormandy hypothesizes that based on Qemu flaws, there may be lurking
   issues. However, Qemu compromises != Xen HVM Qemu compromises

Furthermore:

1. Upstream patches already exist [1] in response to Ormandy's bug report [2]

On 10/24/07, Brian <[EMAIL PROTECTED]> wrote:
> Your first sentence is provoking these responses. You cannot make this
> claim unless you are 100% certain the virtualization layer is bug free.

The standard of security is 100% bug free code? If so, then OpenBSD is
certainly insecure, because the two remote root exploits demonstrated in
the last 10 years show that OpenBSD is not 100% bug free. Also, a flaw
(along with demonstrated code) was pointed out earlier in this thread by
Christopher Eggart.

> If there's a bug in the virtualization layer that allows a NORMAL USER
> [1] in any of the guests to compromise the VM layer, host, or any of the
> guests, the user has just escalated his privileges through a vector that
> would never have been there outside of this VM environment.

Usually, when someone makes a claim that OpenBSD is insecure because of
some hypothetical vulnerability, the response is (rightly) "Demonstrate
an exploit. You'll be famous." Can someone demonstrate a DomU->Dom0
exploit in the current, patched version of Xen?

On 10/24/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> There is *nothing* in any virtualization software that makes having
> it *more secure* than not having it at all.

From my earlier post, did you look at:
http://shell.cse.ucdavis.edu/~bill/virt/virt.pdf

In particular, how does defending against certain classes of rootkits
and having known, good checksums for known, good binaries not increase
the security of the system? Let's say DomU is OpenBSD (which HVM
virtualizes fine, BTW). The few rootkits (that could be installed by
local, malicious users) for OpenBSD can be detected using CDR, which
wouldn't be the case otherwise.

On 10/24/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> And when physical servers cost less than some vmware licenses........

That I agree with. But Xen is free ....

Adam

[1] https://launchpad.net/ubuntu/+source/xen-3.1/
[2] http://secunia.com/advisories/26986/

--
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu