Re: [vserver] Copy-on-write Hard Links, Shared Libraries, Prelink and Memory

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Fri 11 Jun 2010 - 11:37:10 BST
Message-ID: <20100611103710.GJ3270@MAIL.13thfloor.at>

On Thu, Jun 10, 2010 at 09:13:56PM +0100, Gordan Bobic wrote:
> On 06/10/2010 08:50 PM, Herbert Poetzl wrote:

> >>Essentially - if it is not safe to do this between the host and
> >>a guest, how come it is safe to do between guests?

> >because the host (context) has all privileges and
> >can manipulate all the guests (and usually their filesystem
> >without any restriction)

> >so, the danger is not that the guest will modify a host
> >binary and use that for some kind of exploit, the danger
> >is more that you accidentally drop the required security
> >mechanisms while accessing those files (from the host)
> >and the guest could exploit this to mess with the host
> >binaries ... or it could simply mess up the guest by
> >involuntarily changing guest files (along with host changes)

> What exactly are you referring to with "security mechanisms"
> in this context?

for example, remove the immutable flag

> >the guests are all limited in their capabilities and will
> >not be able to do such things, but the host context is not
> >limited at all, i.e. everything goes :)

> I get that, I'm just curious how sharing a hard-link between
> host and guest could be used to compromise the host.
> At the moment, I cannot quite see the attack vector.

one example in short:
host removes immutable flag, guest injects evil code ...

> >besides that, having a few hundred megabytes of host
> >files/binaries are usually acceptable ...

> A few hundred MB of disk space isn't a big issue. A few hundred
> MB of RAM, however, is - I'm trying to implement something on
> a very low power machine (N450 Atom, has to be passively cooled)
> which is limited to 2GB of RAM, and I need to deploy about 3-4VMs
> in it.

I doubt that sshd and maybe syslogd (you should not need
anything else on the host) will consume a lot of memory.
I also doubt that you will keep those in sync with the
guests at all times :)

> Hence why I am trying to scrape a bit more off the bottom of
> the barrel. :)

you might want to go for 32bit there if memory is really
your main concern ... but I'd verify that with a test
setup first :)

best,
Herbert

> Gordan
Received on Fri Jun 11 11:39:52 2010
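
An added example, not part of the original message or of the Linux-VServer tools: a host-side audit that lists files in a guest tree sharing an inode with a host tree and reports whether the immutable flag discussed above is currently set. The two directory arguments are assumptions, the ioctl number assumes the common x86/ARM encoding, and only the standard immutable flag is checked.

```python
import fcntl, os, stat, struct, sys

# _IOR('f', 1, long) in the asm-generic encoding (x86, ARM); an assumption here.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1
FS_IMMUTABLE_FL = 0x00000010  # the flag set by `chattr +i`


def is_immutable(path):
    """Return True/False for the immutable flag, or None if it cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        buf = bytearray(struct.calcsize("l"))
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)
        return bool(struct.unpack_from("i", buf)[0] & FS_IMMUTABLE_FL)
    except OSError:  # filesystem without inode flags
        return None
    finally:
        os.close(fd)


def hardlinked_files(root):
    """Yield (path, (dev, inode)) for regular files that have more than one name."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                yield path, (st.st_dev, st.st_ino)


def shared_with_host(host_root, guest_root):
    """List (host_path, guest_path, immutable) for inodes present in both trees."""
    host = {}
    for path, key in hardlinked_files(host_root):
        host.setdefault(key, path)
    return sorted((host[key], path, is_immutable(path))
                  for path, key in hardlinked_files(guest_root) if key in host)


if __name__ == "__main__":
    # Usage: script HOST_TREE GUEST_TREE (two disjoint trees on one filesystem)
    for host_path, guest_path, immutable in shared_with_host(sys.argv[1], sys.argv[2]):
        state = {True: "immutable", False: "WRITABLE", None: "flag unreadable"}[immutable]
        print(f"{state}: {guest_path} == {host_path}")
```

A `WRITABLE` line marks a file whose contents a guest could change in place for the host as well, which is the situation described in the message.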
