Thursday, July 10, 2008
Today I read about this VMware vulnerability on Beaker's blog. It concerns the possibility of a non-admin user on the host OS executing code on the guest OS. I read the details of the vulnerability and I understand why VMware is saying that the described behavior is by design, and can also see why this could be a security issue. However, issues like this just confirm my point of view that it's not feasible to try to protect the Guest OS from the Host. It's a matter of layers: the guest OS is just a simple application on the host OS. We will see that the challenges in doing that are quite similar to those of the AV industry.

IMHO, there is just one way to (partially) address those concerns: a single-purpose Host OS that will run only Guest OSes and no other software. Then a Guest OS under that can run the VM environment management tools, communicating with the other Guest OSes through regular (although virtualized) networking. A regular client-server application with all the proper AAA and encryption controls can be used over that network (why not IPsec communication?). Even exclusive virtual network adapters can be used on the Guest OSes to host the traffic of the management application. The client would be installed like a regular application on the Guest OSes (like VMware Tools) and be subject to all the OS controls.

That won't help against malicious code running on the Host OS, but will reduce the possibility of that code being executed there, just by reducing the roles of the Host.