-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Allums wrote: > On 4/26/2010 5:24 PM, Clive McBarton wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Mark Allums wrote: >>> Some people are scared of shared folders as possible attack vectors, >>> thus security risks. >> >> What exactly are those risks?
> It depends on the mechanism used to share the folders. If if is through > a network interface, then the risks are similar to the risks on any > trusted intranet. OK. > If the folders are provided by the VM internals, then the risk is what > you can lose by a successful attack on the guest kernel or the host VM. And how much is that? Assuming there's one folder on the host that the guest can write to (that's what I understand by "shared folder"), than a successful attack can fill up space on the host, but that's it. It cannot get out of this folder as far as I can see. > If the host VM is kernel-based, then the risk is that of a (host) > kernel attack. OK. > Note: I'm using "risk" as in "what can you lose?" If you mean attack > vectors, then those should be evident I'm not sure I get the distinction "risk" vs "attack vector". Nor do I find those particularly evident. Which is probably my lack of knowledge in that area. Could you please enlighten me here? > Google Joanna Rutkowska. She probably knows as much as > anyone about breaking out of a VM to attack the host. Just one person can do this? I feel safe now. > I'm sure others on this list know more than I do about it. I hope they share their knowledge here, so I can learn. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkvaBk0ACgkQ+VSRxYk4408DpwCfVxGZgQGKka2YCBCZJToGQKFB 2iEAn0CucSotl67SjbdQBAMAOPRNhg4S =zYGb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4bda064d.5010...@web.de
