On Thursday 21 January 2010 00:47:28 Sthu Deus wrote: > Thank You for Your time and answer, Boyd: > >VServer and OpenVZ requires the guests to know they are running in a > >virtualized environment, since they share a kernel with the host. They > > don't support unmodified guest OSes. > > In case of guest crack - will the attacker identify that he is in the > virtual environment?
If the attacker gets shell access, they should be able to identify that they are in a VServer/OpenVZ environment. It needn't be root. Similarly, a modified guest OS or simply one with the "guest utilities" (e.g. VMWare Guest Extensions for MS Windows or Novell's Virtual Machine Driver Pack for MS Windows etc.) installed should be recognizable to a user that looks hard enough. If you are using an unmodified guest OS, it is harder, but there are some signs an attacker can look for. Mainly, using root permissions to probe identify hardware and then matching the missing/virtualized/emulated hardware to the virtualization technology. > >The KVM kernel module does that, and more, through > >the use of the VT extensions. > > What do You think makes more overhead comparing KVM and Xen? In particular, Qemu (and similar) present the guest with a emulated video card and can also emulate a number of other devices. With Xen, the guests don't have a video card etc. unless you use PCI passthrough, and then the host loses access to that device, at least for the duration of the passthrough. Qemu and similar started from total isolation (the guest fully emulated as a non-privileged processes) and have been gradually adding features that increase speed through virtualization/passthrough technologies while still keeping an eye on isolation. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
