Thursday, July 10, 2008

VMWare vulnerability

Today I read about this VMWare vulnerability on Beaker's blog. It is related to the possibility of a non-admin user on the host OS to execute code on the guest OS. I read the details of the vulnerability and I understand why VMWare is saying that the described behavior is by design, and can also see why this could be a security issue. However, issues like this just confirm my point of view that it's not feasible to try to protect the Guest OS from the Host. It's a matter of layers, the guest OS is just a simple application on the host OS. We will see that the challenges on doing that are quite similar to those from the AV industry.IMHO, there are just a way to (partially) address those concerns. A single purpose Host OS, that will run only Guest OSes and no other software. Then a Guest OS under that can run the VM environment management tools, communicating with the other Guest Oses through regular (although virtualized) networking. A regular client server application with all the proper AAA and encryption controls can be used over that network (why not IPSEC communication?). Even exclusive virtual network adapters can be used on the Guest OSes to host the traffic of the management application. The client would be installed like a regular application on the Guest OSes (like VMWare Tools) and be subject to all the OS controls.That won't help against malicious code running on the Host OS, but will reduce the possibility of that code being executed there, just by reducing the roles of the Host.

No comments:

Post a Comment