On 12/27/10 08:15, Orvar Korvar wrote:
> Ok, thanks. So, Solaris zones are probably not susceptible to these kinds of
> attacks, it seems.
>
> But I was considering running VirtualBox in each local zone and surfing from the
> VirtualBox virtual machines. So, in that case, then you can exploit that
> attack in each local zone. But you could not access the other local zones,
> because of the underlying Zone model?

Unless there's a kernel module associated with VirtualBox, a user who breaks out of VirtualBox will still be in a process running in the non-global zone. Kernel modules are global to the system, and are installed (and read) only in the global zone. If one of those is corrupted, then all bets are off.

> Regarding my SunRay setup and Global zone. I think I just should do it
> simple, just like this picture: Figure 15-1. Zone 1 will be the global zone.
> And the rest of the zones will be VirtualBox zones. Good so?
>
> http://docs.sun.com/app/docs/doc/821-1458/gdytf?a=view

That's not quite what I'd call "simple," but I guess it's a matter of taste.

That uses VNICs and exclusive IP stack zones, which wasn't what I was describing in my previous message. Doing it that way means that you have to grant privileges to the zones such that they can manage the interfaces they have, and then you may need to set up security on top of that to keep them from "managing" them in ways you don't want, such as configuring the wrong IP address.

Shared IP stack zones are simpler, at least to me, because the non-global zones are much more constrained in what they can do.

For what it's worth, the global zone is usually considered separate from the rest of the zones. Including it as part of a picture like that only (in my opinion) clouds things rather than clarifies. If I were concerned about security at this level, I'd keep the global zone only on a private network.

(But I'm usually not concerned about things like this. Either we're friends just sharing a box, or we're not. If we're not, then I'm going to set up secure protocols to talk; I'm not going to trust my data to any sort of partitioning scheme -- whether subnets, VLANs, VNICs or whatever.)

-- 
James Carlson 42.703N 71.076W <carls...@workingcode.com>
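As an added illustration of the point made in the reply above (it is not code from the thread or from Solaris itself), the script below audits the text that `zonecfg -z <zone> export` prints and flags the things the reply calls out: an exclusive IP stack (the zone manages its own interfaces and addresses), privileges granted beyond the default set via `limitpriv`, and device passthrough entries (the path a kernel driver such as VirtualBox's would be exposed through). The two zone exports are constructed samples; the property names `ip-type`, `limitpriv`, `net`/`physical` and `device`/`match` follow the zonecfg(1M) syntax, and the device path is an assumed example.

```python
"""Audit Solaris zone configurations for network and privilege exposure.

Constructed example: parses `zonecfg -z NAME export` style text and reports
settings that widen what a non-global zone can do (exclusive IP stack, extra
privileges, device passthrough).
"""
from typing import Dict, List

# Constructed sample exports for two zones. zone1 is a shared-IP zone with the
# default privilege set; vbox2 is an exclusive-IP zone with extra privileges
# and a device passthrough (the device path is an illustrative assumption).
SAMPLE_EXPORTS: Dict[str, str] = {
    "zone1": """create -b
set zonepath=/zones/zone1
set brand=native
set ip-type=shared
add net
set address=192.0.2.11/24
set physical=e1000g0
end
""",
    "vbox2": """create -b
set zonepath=/zones/vbox2
set ip-type=exclusive
set limitpriv=default,sys_net_config
add net
set physical=vnic2
end
add device
set match=/dev/vboxdrv
end
""",
}


def parse_export(text: str) -> Dict[str, object]:
    """Turn zonecfg export text into a dict of top-level properties plus
    lists of `net` and `device` resource blocks."""
    zone: Dict[str, object] = {"ip-type": "shared", "limitpriv": "default",
                               "net": [], "device": []}
    current = None          # name of the resource block we are inside, if any
    block: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("add "):
            current = line.split(None, 1)[1]
            block = {}
        elif line == "end":
            if current in ("net", "device"):
                zone[current].append(block)  # type: ignore[union-attr]
            current = None
        elif line.startswith("set "):
            key, _, value = line[4:].partition("=")
            if current is None:
                zone[key] = value
            else:
                block[key] = value
    return zone


def audit_zone(cfg: Dict[str, object]) -> List[str]:
    """Return human-readable findings for one parsed zone config."""
    findings: List[str] = []
    if cfg["ip-type"] == "exclusive":
        findings.append("exclusive-IP stack: zone can configure its own "
                        "interfaces and addresses")
    privs = str(cfg["limitpriv"]).split(",")
    # Anything beyond the default set (and not a '-priv' removal) widens the zone.
    extra = sorted(p for p in privs if p != "default" and not p.startswith("-"))
    if extra:
        findings.append("privileges beyond default: " + ",".join(extra))
    devices = [d.get("match", "?") for d in cfg["device"]]  # type: ignore[union-attr]
    if devices:
        findings.append("device passthrough: " + ",".join(devices))
    return findings


def audit_all(exports: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit every zone export and map zone name to its findings."""
    return {name: audit_zone(parse_export(text)) for name, text in exports.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_EXPORTS).items():
        print(f"{name}: {'; '.join(findings) if findings else 'shared-IP, default privileges'}")
```

On a real host you would feed the script the output of `zonecfg -z <zone> export` for each zone listed by `zoneadm list -c`; the shared-IP zone produces no findings, while the exclusive-IP zone reports all three widenings.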