[Linux-disciples] Running the browser as a separate user
Adam Rosi-Kessel
adam at rosi-kessel.org
Tue Nov 1 11:52:00 EST 2005
Stephen R Laniel wrote:
> Is there any way for an app running inside the virtual
> machine to break out and get access to the 'outer' machine?
> That would, I suppose, be one of the big ways to defeat the
> security of a virtual machine ... if it buys us any security
> at all, which it may not; I've only recently started to
> think about this stuff.
Well, any of the VM packages allow you to establish some tunnel to the
outside machine. You can either have the virtual machine on a virtual LAN
with the real machine, or you can export part of the filesystem so that it
is accessible to the inside machine as a virtual drive.
So, yes, I think this would be a very secure way to do things--have a
separate virtual machine for every task. You could use qemu, bochs, possibly
xen, or UML.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20051101/5df89cca/signature.pgp
More information about the Linux-disciples
mailing list