Re: VMs without Administrator rights [was: Threat model: Parents]
On 5/31/15, Barton Gellman <otr@riseup.net> wrote:
> ...
> * A virtual machine may be possible on the monitored host, if the required drivers are already present. Probably not. See http://www.vbox.me/. If anyone knows a VM that works without admin rights, speak up.

in the Tor VM experiment from years back (2007) Qemu was used because it could be run as a restricted user once the Windows Tap and Pcap drivers were installed.

throughput was poor, and this is the crux of a non-admin virtualization environment - performance demands privileges!

less a problem for headless network appliances - a real big problem for interactive graphical user interfaces...

best regards,
On 06/02/2015 12:44 AM, coderman wrote:
> On 5/31/15, Barton Gellman <otr@riseup.net> wrote:
>> ...
>> * A virtual machine may be possible on the monitored host, if the required drivers are already present. Probably not. See http://www.vbox.me/. If anyone knows a VM that works without admin rights, speak up.
>
> in the Tor VM experiment from years back (2007) Qemu was used because it could be run as a restricted user once the Windows Tap and Pcap drivers were installed.

That's also the case for VirtualBox. So just get admin rights to install the drivers, and then give them up again.

> throughput was poor, and this is the crux of a non-admin virtualization environment - performance demands privileges!
>
> less a problem for headless network appliances - a real big problem for interactive graphical user interfaces...
>
> best regards,
On 6/2/15, Mirimir <mirimir@riseup.net> wrote:
> ...
> That's also the case for VirtualBox. So just get admin rights to install the drivers, and then give them up again.

this detail - separating admin rights for virtual devices from the run-time user rights of an executing virtual machine becomes quite important when guest escapes happen. e.g. http://xenbits.xen.org/xsa/advisory-135.html

'''
... a 24-byte overflow allows the guest to take control of the phys_mem_write function pointer in the PCNetState_st structure, and this is called when trying to flush the updated transmit frame descriptor back to the guest. By specifying the content of the second transmit frame, the attacker therefore gets reliable fully-chosen control of the host instruction pointer, allowing them to take control of the host.
'''

fun times :)

best regards,
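
A simplified C model of the bug class in the advisory quoted above, added here as an illustration; it is not QEMU or Xen code and not part of the thread. `ToyNicState`, `toy_nic_append` and the 4096-byte buffer size are hypothetical; only the `phys_mem_write` field name comes from the quoted text. It shows the bounds check that keeps guest-supplied transmit data from reaching a host function pointer stored in the same structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TX_BUF_SIZE 4096  /* constructed size for this model */

typedef void (*mem_write_fn)(void *dma_opaque, uint64_t addr,
                             const uint8_t *buf, size_t len);

/* Hypothetical, simplified device state: a transmit buffer that shares a
 * structure with a host function pointer, the layout the advisory describes. */
typedef struct ToyNicState {
    uint8_t      buffer[TX_BUF_SIZE];
    size_t       xmit_pos;          /* bytes already queued in buffer */
    mem_write_fn phys_mem_write;    /* called on descriptor write-back */
} ToyNicState;

static void host_mem_write(void *o, uint64_t a, const uint8_t *b, size_t n)
{
    (void)o; (void)a; (void)b; (void)n;   /* stand-in for the real DMA write */
}

void toy_nic_init(ToyNicState *s)
{
    memset(s, 0, sizeof(*s));
    s->phys_mem_write = host_mem_write;
}

/* Append one guest-supplied frame fragment. Both xmit_pos and len are
 * guest-influenced, so the check avoids wrap-around: compare len against
 * the space left, never xmit_pos + len against the size.
 * Returns 0 on success, -1 if the fragment is dropped. */
int toy_nic_append(ToyNicState *s, const uint8_t *frag, size_t len)
{
    if (s->xmit_pos > sizeof(s->buffer) ||
        len > sizeof(s->buffer) - s->xmit_pos) {
        s->xmit_pos = 0;            /* discard the partial frame */
        return -1;
    }
    memcpy(s->buffer + s->xmit_pos, frag, len);
    s->xmit_pos += len;
    return 0;
}

/* Returns 1 if the callback still points at the host's own routine. */
int toy_nic_callback_intact(const ToyNicState *s)
{
    return s->phys_mem_write == host_mem_write;
}
```

The check limits what the guest can write; running the VM process as a restricted user, as discussed in the thread, limits what an escape gains if a check like this is missing.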