On 12/27/10 08:15, Orvar Korvar wrote:
> Ok, thanks. So, Solaris zones are probably not susceptible to these kind of 
> attacks, it seems.
> 
> But I was considering running VirtualBox in each local zone and surf from the 
> VirtualBox virtual machines. So, in that case, then you can exploit that 
> attack in each local zone. But you could not access the other local zones, 
> because of underlying Zone model?

Unless there's a kernel module associated with VirtualBox, a user who
breaks out of VirtualBox will still be in a process running in the
non-global zone.

Kernel modules are global to the system, and are installed (and read)
only in the global zone.  If one of those is corrupted, then all bets
are off.

> Regarding my SunRay setup and Global zone. I think I just should do it 
> simple, just like this picture: Figure 15-1. Zone 1 will be the global zone. 
> And the rest of the zones, will be VirtualBox zones. Good so?
> 
> http://docs.sun.com/app/docs/doc/821-1458/gdytf?a=view

That's not quite what I'd call "simple," but I guess it's a matter of
taste.  That uses VNICs and exclusive IP stack zones, which wasn't what
I was describing in my previous message.  Doing it that way means that
you have to grant privileges to the zones such that they can manage the
interfaces they have, and then you may need to set up security on top of
that to keep them from "managing" them in ways you don't want, such as
configuring the wrong IP address.

Shared IP stack zones are simpler, at least to me, because the
non-global zones are much more constrained in what they can do.

For what it's worth, the global zone is usually considered separate from
the rest of the zones.  Including it as part of a picture like that only
(in my opinion) clouds things rather than clarifies.  If I were
concerned about security at this level, I'd keep the global zone only on
a private network.

(But I'm usually not concerned about things like this.  Either we're
friends just sharing a box, or we're not.  If we're not, then I'm going
to set up secure protocols to talk; I'm not going to trust my data to
any sort of partitioning scheme -- whether subnets, VLANs, VNICs or
whatever.)

-- 
James Carlson         42.703N 71.076W         <carls...@workingcode.com>
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to