LinuxQuestions.org
Old 06-02-2011, 03:48 PM   #1
ServerNoob
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 0
Breaking out of a virtual machine guest and cracking the host OS, possible?


I've heard several times that if a skilled attacker breaks into a VM guest OS through the Internet, it's only a matter of time before he is inside the host OS and rooting it. Is this possible, and how likely is it to happen? What can you do to prevent such attacks?
 
Old 06-02-2011, 04:01 PM   #2
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,210
Blog Entries: 23

Rep: Reputation: 279
For starters, don't believe everything you hear/read...and if it is true, don't panic

Is the host OS Linux? If so, there's no worry...unless the little seven next to your tux is ... the "thing", then you could be in trouble...

Okay, face it. You get a different IP address every once in a while. The virtual OS has its own space and is not even aware it's running in a virtual space, hardening the virtualised OS just a little should suffice, and it's not running all the time, I assume.
If the hacker could (word to look at: COULD) break through, (s)he lands in a Linux OS. Then the real challenge lies ahead: setting up shop/a rootkit, for that (s)he needs: the root pass. Is that known? No. So, stuck...

Okay, everything is possible, but this is very remotely possible...just as it is not possible to hack another PC via a KVM...

Thor

Last edited by Thor_2.0; 06-02-2011 at 04:03 PM.
 
Old 06-02-2011, 08:03 PM   #3
Arcane
Member
 
Registered: May 2006
Location: Latvia, Europe
Distribution: random
Posts: 287

Rep: Reputation: 164
Yes, it is possible IF the attacker is very skilled, BUT to be fair it just won't happen to anyone who is an average computer user, since skilled people don't waste time with random people.
 
Old 06-02-2011, 08:43 PM   #4
jefro
Guru
 
Registered: Mar 2008
Posts: 11,533

Rep: Reputation: 1404
It has been said it could be broken into. One would break into it by some means. Problem is the method would usually be there VM or not.
 
Old 06-02-2011, 09:01 PM   #5
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

Rep: Reputation: 369
I would say it depends on how well hardened the host and guest OSes are, but in reality it's almost the same as saying that if an attacker breaks into a workstation on your network it's only a matter of time before they get into the server on the same network. Yes, it can be done, and there might be a bit less security between the VM and the host, but as mentioned it really isn't much different than if it were two different physical machines on the same network.
 
Old 06-02-2011, 09:31 PM   #6
Arcane
Member
 
Registered: May 2006
Location: Latvia, Europe
Distribution: random
Posts: 287

Rep: Reputation: 164
If you are that paranoid, either disconnect from the internet OR create (because reinstalling the OS every day or two is painful) a custom LiveOS that runs from untouchable media (a write-once CD or DVD, for example) or, even better, only from RAM (after boot), and when you need to save documents insert a USB stick, then disconnect it, and the rest will be NOTHING. Also put a password on the BIOS, use a router or at least a firewall with closed ports and no forwarding, and done. Even if someone is crazy enough to try to mess with you, now they will be up for a HUGE surprise.
P.S. This method has one minus - you still can't be careless where and how you put sensitive data on the web, like passwords and such, but the rest is a piece of cake.

Last edited by Arcane; 06-02-2011 at 09:37 PM.
 
0 members found this post helpful.
Old 06-03-2011, 01:12 AM   #7
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,210
Blog Entries: 23

Rep: Reputation: 279
Quote:
It has been said it could be broken into. One would break into it by some means.
Just me being pedantic here, but the key-word is INTO, yes, if the virtualised OS is a "flake" like the "thing" - THAT can be broken INto, no sweat, it's the breaking OUT that's worrying OP - and that may not be all that easy if at all feasible...

Jefro may just have poked the right nerve here...

Thor
 
Old 06-03-2011, 04:07 PM   #8
ServerNoob
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Original Poster
Rep: Reputation: 0
Both host and guest are Linux, but both are also hardened. The virtual machine program is run by an unprivileged user on the host OS, and the virtual machine program itself is protected by AppArmor on the host OS too. But it uses KVM for speed, or else the guest OS runs too slow. I don't know how secure it is to use KVM, since I guess that requires some root work on the host OS's kernel?

I don't know what Thor_2.0 means when he says "the little seven next to your tux is ... the "thing"", lol, you gotta fill me in on that one. Either I'm stupid or I've missed something.
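
A host-side check of the setup described in post #8 (VM process run by an unprivileged user and confined by AppArmor), added here as an example and not part of any poster's message. It reads the standard Linux `/proc/<pid>/status` and `/proc/<pid>/attr/current` files; the function name and the `PROC_ROOT` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit how a VM process (e.g. QEMU using KVM) is confined
# on the host. PROC_ROOT is an assumption of this example: it can point at
# a saved or constructed snapshot instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print one finding per line for the process with the given PID.
audit_vm_process() {
    pid="$1"
    dir="$PROC_ROOT/$pid"
    [ -r "$dir/status" ] || { echo "ERROR no such process: $pid"; return 2; }

    # "Uid:" holds real, effective, saved and filesystem UIDs, in that order.
    euid=$(awk '/^Uid:/ {print $3}' "$dir/status")
    if [ "$euid" = "0" ]; then
        echo "FAIL runs as root (euid 0)"
    else
        echo "OK   runs as unprivileged euid $euid"
    fi

    # AppArmor label: "<profile> (enforce)", "<profile> (complain)" or "unconfined".
    label=$(cat "$dir/attr/current" 2>/dev/null || echo "unknown")
    case "$label" in
        *"(enforce)"*)  echo "OK   AppArmor enforcing: $label" ;;
        *"(complain)"*) echo "WARN AppArmor in complain mode only: $label" ;;
        *)              echo "FAIL not confined by an enforcing AppArmor profile: $label" ;;
    esac

    # CapEff is the effective capability bitmask; all zeros means none held.
    capeff=$(awk '/^CapEff:/ {print $2}' "$dir/status")
    case "$capeff" in
        "")     echo "WARN CapEff not readable" ;;
        *[!0]*) echo "WARN effective capabilities set: $capeff" ;;
        *)      echo "OK   no effective capabilities" ;;
    esac
}

# Stand-alone use: pass the PID of the VM process as the first argument.
if [ $# -gt 0 ]; then
    audit_vm_process "$1"
fi
```

Reading another user's `attr/current` may require root on the host; a `FAIL` on the AppArmor line for an "unknown" label means the label could not be read, not that confinement is proven absent.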
 
Old 06-03-2011, 04:34 PM   #9
jefro
Guru
 
Registered: Mar 2008
Posts: 11,533

Rep: Reputation: 1404
There is no system that is secure. Even air gap systems get hacked. Whether it be from outside or inside.

Can one hack a networked system? Well, OS's tend to be somewhat secure. BSD's tend to be better. Problem is applications that run on them have holes. That is how hackers exploit most systems. Every year they hold Pwn2Own contests. Systems tend to fall in a few minutes.

Last edited by jefro; 06-04-2011 at 02:13 PM.
 
Old 06-04-2011, 04:13 AM   #10
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,210
Blog Entries: 23

Rep: Reputation: 279
Quote:
I don't know what Thor_2.0 means when he says "the little seven next to your tux is ... the "thing"", lol, you gotta fill me in on that one. Either I'm stupid or I've missed something.
The little round logo...is that a windows 7 logo? Unless I need enlightenment myself... Hey, never mind...

So, both are Linux, and both are hardened. Hmmm...as jefro pointed out, an air gap and "ploop" they're in. But I'd be surprised if they get beyond the "frame"...

Thor
 
Old 06-04-2011, 05:36 AM   #11
ServerNoob
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Thor_2.0
The little round logo...is that a windows 7 logo? Unless I need enlightenment myself... Hey, never mind...
LOL! I didn't think of that.

Quote:
Originally Posted by Thor_2.0
Hmmm...as jefro pointed out, an air gap and "ploop" they're in.
You've got to wonder how internet banks can even exist in this world if it's really that easy. "ploop" and all the money is transferred to Switzerland. The next week I need more money, "ploop", thanks. Not to mention other critical high-profile servers that actually manage to stay alive and unhacked. How come?
 
Old 06-04-2011, 06:20 AM   #12
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,210
Blog Entries: 23

Rep: Reputation: 279
Well, everything boils down to the ... (drumroll) user.

Some examples:

A colleague got her hotmail pass stolen, she should NOT have clicked on the "ever so inviting and scary" mail to have her password renewed, before at least looking at the destination address of a page that looks pretty legit.

A bank user HAS to stay up to date with security updates.

A system admin (go figure) I once worked with had the same pass for all the servers in the company, and it was ...(drumroll) "mouse"

Enough examples to choose from.

It boils down to the user that needs to get (himself) educated. What's the old wisdom mom gave us? Do not trust a stranger.

And, yes, all in all, given a bit of common sense, it's pretty safe...

Thor
 
  


All times are GMT -5.