[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSI.4.64.0708250854040.11671@malasada.lava.net>
Date: Sat, 25 Aug 2007 09:05:13 -1000 (HST)
From: Tim Newsham <newsham@...a.net>
To: "M. Burnett" <mb@...o.net>
Cc: 'Arthur Corliss' <corliss@...italmages.com>,
'Jonathan Yu' <jonathan.i.yu@...il.com>, bugtraq@...urityfocus.com
Subject: Re: More on VMWare poor guest isolation design
> 2. This issue is not about a user on the host compromising a virtual guest.
> It is about a *non-privileged* user on the host being logged in to guest
> machines as an administrator, and a worm--running in the context of that
> non-privileged user on the host--being able to access the admin-level
> context of the guest machines without knowing those administrator
> credentials. Also remember that since I am talking about a non-privileged
> user on the host, there will be limits on what this user could do to
> accomplish some of the other attacks mentioned.
Your position seems to be that an easy automated scripting interface is a
lot more dangerous than a slightly harder indirect attack method. The
truth is that they are both scriptable and reliable. Techniques for
attacking virtual machines from the host are certainly no harder to code
than the average remote exploit that worms used to propogate. Do you
really think a worm writer who wants to compromise VMWare guests would
take advantage of a scripting interface but shy away from the task if he
had to write custom code to break into the guest?
> 4. This is also not so much about this specific issue at hand--we can easily
> block this--but also looking at the bigger picture of establishing best
> practices for dealing with the guest/host relationship.
Here's a best practice: Don't assume that guests are protected from
software running on the host system.
> As a side note, I specialize in hardening Windows so all of these systems
> have been hardened with my own hardening script that is quite extreme. These
> are by no means weak targets.
A (virtual) machine where attackers can arbitrarily read and write
the memory, the disk and even alter devices is going to be a soft target.
The physical analogy that someone brought up earlier works well here.
Would you consider your machine locked down if someone could open
your computer case, yank the hard drive and attach new devices to the
system at will? Well, with a virtual machine they can do that while
the machine is running.
> Mark Burnett
> http://xato.net
Tim Newsham
http://www.thenewsh.com/~newsham/
Powered by blists - more mailing lists