Re: leaf-user Digest, Vol 20, Issue 11

> Its not that simple.  This assumes (as does C) that
there is an unknown
> attack vector exploitable from a compromised Leaf
system, which the
> attacker knows about and has not been patched.  Simply
breaking into 
> virtual Leaf will not provide you with access to the
host system.

I see, so you're supposing there isn't an exploit?  How do
you "prove
a negative"?  Look, in principle I very much approve of
virtual
machines.
I ran a commercial IBM VM/SP system on a mainframe in the
mid-80's.  
But even VM, with a history that ran back to 1967, had a
"rubber room" 
project at Share for the university student environment. 
There were
STILL security & management issues 20 years later.  

Only recently have IA machines been given hardware
enhancements that 
make full virtualization a viable prospect.  There is ONE
thing I agree 
with Bill Gates about--the 286 was born "brain
damaged".  But it was an
attempt to bring virtualization to IA, and failed
miserably.

That said, there are real differences between physical
machines and
virtual machines.  Virtual machines are not isolated as are
physical
machines.  Sometimes that's a good thing, sometimes bad,
sometimes
neither.

The real problem is the one which has always been Windows'
downfall.
For all that virtualization buys you, there are always
situations 
where people discover that what they (think they) want to do
would
be greatly enhanced if there could be more
"co-operation" between
different components.  They just think about what they want
to do,
or what they want to sell, not about how it opens up
possibilities
for other "uses".  Look at IP.  Security &
utility are generally at
cross-purposes.  Which do you want?

> I suppose there might be ways that a skilled hacker
could break through 
> once he's taken control of LEAF. He'd still need the
tools for it though 
> and with only the bare minimum available I fail to see
where he'd get
> them.

Back in the day, I had a SLMR tagline that said: "Real
programmers type
C:> COPY CON: PROGRAM.EXE".  That was funny in the
days of standalone
DOS and keyboards.  But in a networked system it ain't so
funny!  It
goes back to that "co-operation" point I made
above.

> Using VMware however I have no reason for any other
type of access than 
> console, so in order to get access to the LEAF box one
would first have 
> to gain control over an internal machine capable of
running VMware 
> console. Essentially this would be the only reason for
not using VM, 
> being unable to force physical access only.
-- 
Paul Rogers
paulgrogersfastmail.fm
http://www.xprt.net/~p
grogers/
Rogers' Second Law: "Everything you do
communicates."
(I do not personally endorse any additions after this line.
TANSTAAFL 

  	

-- 
http://www.fastmail.fm
- mmm... Fastmail...


------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------
------------
leaf-user mailing list: leaf-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user

Support Request -- http://leaf-project.org/

> Back in the day, I had a SLMR tagline that said:
"Real programmers type
> C:> COPY CON: PROGRAM.EXE".  That was funny in
the days of standalone
> DOS and keyboards.  But in a networked system it ain't
so funny!  It
> goes back to that "co-operation" point I made
above.

That's wat Charles said too...
Actually I had thought about this myself but figured if it
had to come 
to that they'd most likely give up.

>> Using VMware however I have no reason for any other
type of access than 
>> console, so in order to get access to the LEAF box
one would first have 
>> to gain control over an internal machine capable of
running VMware 
>> console. Essentially this would be the only reason
for not using VM, 
>> being unable to force physical access only.

This was also a consideration. The only way to gain access
to my LEAF 
box is to get into the console. There is no SSH or Telnet or
VNC or 
whatever else you can think of. To get ON the box the hacker
needs to 
get on the wrong side first. Depending on his intentions*
this would 
make it pointless to change anything on the LEAF box since
he already 
accomplished his goal.

* Spammers trying to use my computer for sending spam might
not like my 
firewall blocking outgoing traffic to port 25.

--

On the 'humanizing' subject: if you'd use some kind of
roll-code method 
there may still exist a security risc but the chances of
anyone hitting 
the jackpot would be ridiculously low. Twice would be a
miracle!
On the other hand - let's not get ahead of ourselves.

Gordon


------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------
------------
leaf-user mailing list: leaf-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user

Support Request -- http://leaf-project.org/

>I see, so you're supposing there isn't an exploit?  How
do you "prove
a negative"? 

I didn't say there wasn't an exploit.  I'm not sure where
you got that - I
actually pointed out that similar exploits have been found
in the past and
patched.*  All I was pointing out was your incorrect
assumption that once
someone got into the guest, that they would then be free to
run rampant over
the host and do as they please.  There is in fact no proof
at all that that
is the case.

In the final analysis, for the type of user who would employ
Leaf in a
virtualized environment, the security it provides - doing
the job it was
designed to do - should be "good enough."  I think
this type of environment
is far more susceptible to user-enabled attack vectors (ie.
Spyware,
viruses, etc.)  than an extremely skilled hacker uncovering
a currently
unknown flaw in VWMare, on top of breaking into a Leaf
system.

>I ran a commercial IBM VM/SP system on a mainframe in
the mid-80's.  
But even VM, with a history that ran back to 1967, had a
"rubber room" 
project at Share for the university student environment. 
There were
STILL security & management issues 20 years later.

And there will be security and management issues 20 years
from now.  It's
the nature of the beast.

- Bob Coffman  

*For example, http://www.gentoo.org/security/en/glsa/glsa-200711-23.x
ml



------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------
------------
leaf-user mailing list: leaf-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user

Support Request -- http://leaf-project.org/