lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Aug 2007 09:05:13 -1000 (HST)
From: Tim Newsham <newsham@...a.net>
To: "M. Burnett" <mb@...o.net>
Cc: 'Arthur Corliss' <corliss@...italmages.com>,
	'Jonathan Yu' <jonathan.i.yu@...il.com>, bugtraq@...urityfocus.com
Subject: Re: More on VMWare poor guest isolation design

> 2. This issue is not about a user on the host compromising a virtual guest.
> It is about a *non-privileged* user on the host being logged in to guest
> machines as an administrator, and a worm--running in the context of that
> non-privileged user on the host--being able to access the admin-level
> context of the guest machines without knowing those administrator
> credentials. Also remember that since I am talking about a non-privileged
> user on the host, there will be limits on what this user could do to
> accomplish some of the other attacks mentioned.

Your position seems to be that an easy automated scripting interface is a 
lot more dangerous than a slightly harder indirect attack method. The 
truth is that they are both scriptable and reliable.  Techniques for 
attacking virtual machines from the host are certainly no harder to code 
than the average remote exploit that worms used to propogate.  Do you 
really think a worm writer who wants to compromise VMWare guests would 
take advantage of a scripting interface but shy away from the task if he 
had to write custom code to break into the guest?

> 4. This is also not so much about this specific issue at hand--we can easily
> block this--but also looking at the bigger picture of establishing best
> practices for dealing with the guest/host relationship.

Here's a best practice:  Don't assume that guests are protected from 
software running on the host system.

> As a side note, I specialize in hardening Windows so all of these systems
> have been hardened with my own hardening script that is quite extreme. These
> are by no means weak targets.

A (virtual) machine where attackers can arbitrarily read and write
the memory, the disk and even alter devices is going to be a soft target.

The physical analogy that someone brought up earlier works well here.
Would you consider your machine locked down if someone could open
your computer case, yank the hard drive and attach new devices to the
system at will?  Well, with a virtual machine they can do that while
the machine is running.

> Mark Burnett
> http://xato.net

Tim Newsham
http://www.thenewsh.com/~newsham/

Powered by blists - more mailing lists