On Mon, Dec 27, 2010 at 02:34:45AM -0800, Orvar Korvar wrote:
> Ok, so virtual machines for x86 (VirtualBox, VMware, etc) does not
> necessarily give you additional security. "Security by virtualization
> is a failure":
> I wonder, how does the Solaris Zone VM model compare to these? Can you
> use the same type of exploit on Zones? Are Zones vulnerable to what he
> talks of, are Zones more secure? Or, are all VMs insecure, no matter
> what model?
All forms of VMs can potentially suffer from vulnerabilities that guests
could exploit to attack other guests or the host itself. That doesn't
mean that vulnerabilities don't exist in the host. But if exploitable
vulnerabilities exist, you should assume they will be exploited by any
guests running untrusted code (or running trusted code that is has its
own exploitable vulnerabilities). Therefore, such concerns apply to
LDoms, VMware, VirtualBox, Xen, and Zones.
I don't think that invalidates the use of virtualization as _a_ security
tool, that is, as one of several security tools. Virtualization is not
a get-out-of-jail-free card for security, nor was it ever intended as
such. Host operators should still apply suitable network policies
(e.g., egress filtering), use intrusion detection, perform auditing,
patch frequently, pay attention to CVEs, etcetera.
Also, VMs are not really about security, not primarily anyways...
(Similar things could be said about NAT.)
My advice to the paranoid regarding regarding VMs would be to disable
extensions allowing the guest broader communication channels to services
on the host -- this reduces the attack surface area, at a price in
convenience (e.g., no integrated desktop with VBox), and it applies to
all VM types.
zones-discuss mailing list