Slashdot Mirror


Virtualization Decreases Security

ParaFan writes "In a fascinating story on KernelTrap, Theo de Raadt asserts that while virtualization can increase hardware utilization, it does not in any way improve security. In fact, he contends the exact opposite is true: 'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.' de Raadt argues that the lack of support for process isolation on x86 hardware combined with numerous bugs in the architecture are a formula for virtualization decreasing overall security, not increasing it."

13 of 340 comments

  1. Re:History teaches once again... by micromuncher · · Score: 2, Informative

    You missed the part about the solution; eating one's children. :-)

    --
    /\/\icro/\/\uncher
  2. Re:Theo is so full of himself he misses reality by Anonymous Coward · · Score: 1, Informative

    There is not one recorded/public example of someone breaking out of the isolation of a virtual environment! I dare someone to demonstrate otherwise, and I will eat my words.

    Start eating. There have been documented & patched bugs in VMware where the actions of the client VM can crash or exploit problems in the host.

    That being said, VMware is the most solid virtualization product for the PC architecture.

  3. Re:History teaches once again... by Bob-taro · · Score: 3, Informative

    The Irish Potato Famine happened because Ireland was growing a small range of species of potato.

    The same thing with Virtualization, each VM will not be completely secure and will have holes in it but spreading will be reduced because only a smaller portion of application will use that OS to virtualize.

    I don't think that analogy applies here. I think TA's point is that the hypervisor itself may not be any more secure than the OSes it virtualizes. So now your hypervisor OR the OS it's running may get hacked.

    --
    Prov 9:8 Do not rebuke mockers or they will hate you; rebuke the wise and they will love you.
  4. Re:Theo is so full of himself he misses reality by LLuthor · · Score: 2, Informative

    Lots of hypervisors and VM kernels are vulnerable, and can allow guest OSes to inject code into the host OS.

    See this for just a few examples: http://secunia.com/advisories/26890
    I can easily find several implementations that cause DoS and escalation attacks on older versions (these are fixed in the current versions, but you can bet more flaws will be found).

    Regardless of Theo's opinion of himself, he is right in that more complexity means more bugs.

    --
    LL
  5. Re:History teaches once again... by alan_dershowitz · · Score: 5, Informative

    You're missing the point. Your virtualization product is an application, which weakens the security of the OS running under it. So now you can have attacks from both sides. As Theo says, now an OS crash (inside the VM) can become an attack on the host system, and application attacks on the VM can become an attack on the OS running in the VM.

    His position has many facets. As I understand it:

    * programmers make buggy code, and now programmers are programming virtual hardware
    * the hardware they are emulating (PC architecture) is a nightmare, they have to do crazy, unsafe crap to implement it.
    * application flaws in the VM can compromise the guest OS.
    * OS flaws in the guest OS can potentially compromise the host OS.
    * virtualizing hardware is inherently less secure than the physical segmentation of using actual, separate machines, so when you consolidate many machines onto a VM system you have a net loss in security.

  6. When a Port is Lagging Behind the Mainstream by shking · · Score: 2, Informative

    For fuck's sake, OpenBSD can't even offer a modern version of WINE in their ports (the one they offer is from 1999, and is broken to boot)

    The ports tree is 3rd party stuff, not OpenBSD. Why don't YOU contribute instead of whining?

    When a Port Is Lagging Behind the Mainstream Version

    "The ports collection is a volunteer project. Sometimes the project simply doesn't have the developer resources to keep everything up-to-date. Developers pretty much pick up what they consider interesting and can test in their environment."

    "If you really need a new version of a port, you should ask the MAINTAINER of the port to update the port....if you can send patches for this, all the better. To create proper patches, you should refer to the documentation on building ports."

    --
    "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
  7. Re:History teaches once again... by DrSkwid · · Score: 2, Informative

    > The Irish Potato Famine happened because Ireland ...

    You missed the part where the World's richest nation continued to export other foodstuffs from Ireland, refusing to help.

    --
    There are places where the networks are not touching, and there are places where they are. - Boeing's Lori Gunter
  8. Re:Perhaps a Different Train of Thought by Colin+Smith · · Score: 4, Informative

    This doesn't just go for Theo. Many geeks have a superiority complex that causes them to be acerbic, arrogant, and dismissive in technical discussions. Actually caused by strong feelings of insecurity. The secure don't need to attack to try to constantly prove their superiority.

    --
    Deleted
  9. a google employee has done a good analysis by cpm99352 · · Score: 3, Informative

    As another person pointed out on the OpenBSD list, see http://taviso.decsystem.org/virtsec.pdf for Tavis Ormandy's analysis of various VMs -- attack methods were exploiting bugs in the x86 architecture as well as invalid I/O device communication.

  10. Much as I love the analogy... by Anonymous Coward · · Score: 1, Informative

    the cause of the Famine needs to be shared by the idiotic British government at the time, and the greedy bastard landowners, as well as the fungus. If the Irish had been free to BUY FOOD FROM ABROAD not that many people would have starved.

  11. Okay, here's what happened by Schraegstrichpunkt · · Score: 2, Informative

    Theo de Raadt argues that it's more secure to put applications on separate machines than to consolidate them into a single machine.

    L. V. Lammert very inarticulately argues that having a VM provides more security, because otherwise, you're not going to put applications on separate machines, because it's too expensive.

  12. Re:Uh oh by CrazedWalrus · · Score: 4, Informative

    The fact is that very little hardening is typically done on the inside of the organization. A lot of organizations have the hard crunchy outside with a soft chewy center. (Don't remember who I heard make that analogy, but it's apt.) Most IT departments seem to have hardened servers at the border, but the inside is run-of-the-mill software and hardware. What this means is that maybe virtualization isn't great for the border proxies and firewalls, but it probably fits right into the controlled chaos on the inside, where nothing is especially secure anyway.

  13. Chroot is not a security tool by Anonymous Coward · · Score: 1, Informative

    Actually I think he might argue that chroot'ing has been audited a lot more than any hypervisor and might be the more secure approach in many/most instances if it's set up correctly.

    Some very well informed people might reply that "chroot is not and never has been a security tool."