On Mon, Dec 27, 2010 at 02:34:45AM -0800, Orvar Korvar wrote: > Ok, so virtual machines for x86 (VirtualBox, VMware, etc) does not > necessarily give you additional security. "Security by virtualization > is a failure": > http://www.serverwatch.com/tutorials/article.php/3905096/Use-Virtual-8086-Mode-to-Secure-Virtual-Servers.htm > > I wonder, how does the Solaris Zone VM model compare to these? Can you > use the same type of exploit on Zones? Are Zones vulnerable to what he > talks of, are Zones more secure? Or, are all VMs insecure, no matter > what model?
All forms of VMs can potentially suffer from vulnerabilities that guests could exploit to attack other guests or the host itself. That doesn't mean that vulnerabilities don't exist in the host. But if exploitable vulnerabilities exist, you should assume they will be exploited by any guests running untrusted code (or running trusted code that is has its own exploitable vulnerabilities). Therefore, such concerns apply to LDoms, VMware, VirtualBox, Xen, and Zones. I don't think that invalidates the use of virtualization as _a_ security tool, that is, as one of several security tools. Virtualization is not a get-out-of-jail-free card for security, nor was it ever intended as such. Host operators should still apply suitable network policies (e.g., egress filtering), use intrusion detection, perform auditing, patch frequently, pay attention to CVEs, etcetera. Also, VMs are not really about security, not primarily anyways... (Similar things could be said about NAT.) My advice to the paranoid regarding regarding VMs would be to disable extensions allowing the guest broader communication channels to services on the host -- this reduces the attack surface area, at a price in convenience (e.g., no integrated desktop with VBox), and it applies to all VM types. Cheers, Nico -- _______________________________________________ zones-discuss mailing list firstname.lastname@example.org