RE: More on VMWare poor guest isolation design

attacker in the future. Some of you keep trying to point out that owning the
host always means owning the guests, but that isn't always the case,
especially if you are not a full administrator on the host machine.
...

should be able to protect a virtual guest from its host. There's no way a
non-admin user is going to be able to modify the RAM of a vm. And in Windows
Vista, if not already blocked, even as an administrator I would have to
explicitly allow a worm to access the RAM or disk of a virtual machine. No
worm is going to access a vm's resources without a UAC prompt coming up.

UAC is not a security boundary.

You don't need administrator privileges. If the VM is running with the same privileges of the attacker, he can alter the program state of the VM. The most obvious way with VMWare is to pause the machine. This writes out physical memory as a .vmem file. Alter the file and resume VMWare. Less obviously you can use the OS debugging APIs, or inject a DLL into the address space of the VM process, or map its memory using memory management APIs, or exploit a vulnerability in the VM process, or.....

Similar attacks can be performed by altering the disks or attaching malicious hardware. You could point out that the guest OS need not
trust the disk or the hardware and you would be right. However, all
of the important OSs *DO* trust disks and most are very trusting of
hardware.

Your statements that administrator access protects the VM is simply false. Your assumption that UAC will protect you from low-privileged worms is similarly wrong.

Mark

Tim Newsham
http://www.thenewsh.com/~newsham/

Relevant Pages

  • Re: Backup and reinstall - no server access
    ... >>>We have a Windows Server 2003 with a lost Administrator password. ... >>>Knoppix), plug in a USB hard disk, copy the files on the Windows ... > As for having two administrator accounts, ...
    (microsoft.public.win2000.setup)
  • Re: retreve files from NTFS disk after XP-crach
    ... Take Ownership of a File or Folder in Windows XP ... > my disk into her computer witch also uses XP. ... > administrator rights) I was not able to access the files on my disk ... Or if nothing can be done with it, is there a reason why ...
    (microsoft.public.windowsxp.security_admin)
  • retreve files from NTFS disk after XP-crach
    ... my disk into her computer witch also uses XP. ... administrator rights) I was not able to access the files on my disk ... Or if nothing can be done with it, is there a reason why ...
    (microsoft.public.windowsxp.security_admin)
  • Re: scared ??itless
    ... disk mounted as a second or external disk is to "take ownership" of them as ... > and you can get Administrator privileges, ... > simply better to reinstall anyway. ... I check my status for my wireless card and it is sending ...
    (microsoft.public.security.virus)
  • Re: Administrator files cannot be accessed
    ... but afterwards my user "Administrator" (also in safe mode) ... resulting in error messageduring "Administrator" logon. ... > I am not sure what you are up against on the disk label issue. ... >>> that are special to that account. ...
    (microsoft.public.windowsxp.security_admin)