Re: VM software for personal use?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Allums wrote:
> On 4/26/2010 5:24 PM, Clive McBarton wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Mark Allums wrote:
>>> Some people are scared of shared folders as possible attack vectors,
>>> thus security risks.
>>
>> What exactly are those risks?
> It depends on the mechanism used to share the folders. If if is through
> a network interface, then the risks are similar to the risks on any
> trusted intranet.
OK.
> If the folders are provided by the VM internals, then the risk is what
> you can lose by a successful attack on the guest kernel or the host VM.
And how much is that? Assuming there's one folder on the host that the
guest can write to (that's what I understand by "shared folder"), than a
successful attack can fill up space on the host, but that's it. It
cannot get out of this folder as far as I can see.
> If the host VM is kernel-based, then the risk is that of a (host)
> kernel attack.
OK.
> Note: I'm using "risk" as in "what can you lose?" If you mean attack
> vectors, then those should be evident
I'm not sure I get the distinction "risk" vs "attack vector". Nor do I
find those particularly evident. Which is probably my lack of knowledge
in that area. Could you please enlighten me here?
> Google Joanna Rutkowska. She probably knows as much as
> anyone about breaking out of a VM to attack the host.
Just one person can do this? I feel safe now.
> I'm sure others on this list know more than I do about it.
I hope they share their knowledge here, so I can learn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkvaBk0ACgkQ+VSRxYk4408DpwCfVxGZgQGKka2YCBCZJToGQKFB
2iEAn0CucSotl67SjbdQBAMAOPRNhg4S
=zYGb
-----END PGP SIGNATURE-----
Reply to: