Yes, that is my question too: "is running in a local zone safer?". That is why I
created this thread.
I was thinking something like this: If someone hacks my WinXP, then he must
bypass VBox. Then he is inside the local zone. Then he must get root access to
the local zone. Then he must break the zone to get into the global zone. When
he is in the global zone, he must gain root access. Then he is in my computer.
To prevent this, I shut down the NIC to the global zone. Then there is no
communication between the global zone and local zones. So how can a hacker
inside a local zone gain access to the global zone? The global zone does not
respond to any communication, because its NIC is down.
But you say something like: if a hacker takes control over VBox, then he also
gets inside the kernelspace and then he bypasses zones and everything and is
inside the global zone? He does not have to go through NICs and zones and what
This message posted from opensolaris.org
zones-discuss mailing list