19 Jul
2015
19 Jul
'15
10:54 p.m.
On Sun, Jul 19, 2015 at 10:15:38AM +0200, Florian Weimer wrote:
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.)
Service providers can also provision VMs in such a way that customers can only attack themselves.
Really? Isn't this too expensive for times of crisis like this? Anyway, me conjecture that there are plenty of bugs alive.