[zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread Orvar Korvar
Ok, so virtual machines for x86 (VirtualBox, VMware, etc.) do not necessarily give you additional security. "Security by virtualization is a failure": http://www.serverwatch.com/tutorials/article.php/3905096/Use-Virtual-8086-Mode-to-Secure-Virtual-Servers.htm I wonder, how does the Solaris Zone

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread James Carlson
On 12/27/10 05:34, Orvar Korvar wrote: > Ok, so virtual machines for x86 (VirtualBox, VMware, etc.) do not > necessarily give you additional security. "Security by virtualization is a > failure": > http://www.serverwatch.com/tutorials/article.php/3905096/Use-Virtual-8086-Mode-to-Secure-Virtual-S

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread Orvar Korvar
Ok, thanks. So, Solaris zones are probably not susceptible to these kinds of attacks, it seems. But I was considering running VirtualBox in each local zone and surf from the VirtualBox virtual machines. So, in that case, then you can exploit that attack in each local zone. But you could not acce

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread Petr Benes
> But I was considering running VirtualBox in each local zone and surf from the > VirtualBox virtual machines. So, in that case, then you can exploit that > attack in each local zone. But you could not access the other local zones, > because of underlying Zone model? As a part of VBox is locate

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread James Carlson
On 12/27/10 08:15, Orvar Korvar wrote: > Ok, thanks. So, Solaris zones are probably not susceptible to these kinds of > attacks, it seems. > > But I was considering running VirtualBox in each local zone and surf from the > VirtualBox virtual machines. So, in that case, then you can exploit that

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread sowmini . varadhan
On (12/27/10 08:26), James Carlson wrote: > That's not quite what I'd call "simple," but I guess it's a matter of > taste. That uses VNICs and exclusive IP stack zones, which wasn't what > I was describing in my previous message. Doing it that way means that > you have to grant privileges to the

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread John D Groenveld
In message <1922922131.01293446116372.javamail.tweb...@sf-app1>, Orvar Korvar writes: >BTW, My original plan does not work. I have SunRay clients, which means I can >not shutdown the global zone's NIC - because then the SunRay will stop function. I must somehow separate local zones traffic, fro

Re: [zones-discuss] "Security through virtualization is a failure":

2010-12-27 Thread Nicolas Williams
On Mon, Dec 27, 2010 at 02:34:45AM -0800, Orvar Korvar wrote: > Ok, so virtual machines for x86 (VirtualBox, VMware, etc.) do not > necessarily give you additional security. "Security by virtualization > is a failure": > http://www.serverwatch.com/tutorials/article.php/3905096/Use-Virtual-8086-Mod