
Escaping VMware Workstation Through COM1 - transpute
https://docs.google.com/document/d/1sIYgqrytPK-CFWfqDntraA_Fwi2Ov-YBgMtl5hdrYd4/mobilebasic?pli=1
======
ams6110
_You are absolutely deluded, if not stupid, if you think that a worldwide
collection of software engineers who can't write operating systems or
applications without security holes, can then turn around and suddenly write
virtualization layers without security holes._ -- Theo de Raadt

------
PhantomGremlin
Virtualization is a great tool for using "well behaved" programs. It's
foolhardy to expect it to defend against sophisticated malicious software.

About 40 years ago IBM studied the security of their own VM technology. They
found many exploitable bugs, and this was on a codebase that was probably less
than 1% the size of VMware. I wrote more about IBM's findings on HN about 3
months ago:

[https://news.ycombinator.com/item?id=9241807](https://news.ycombinator.com/item?id=9241807)

------
cbd1984
Remind me: Are modern hypervisors _meant_ to securely contain guests? Because
they advertise their presence pretty loudly, and there's nothing which
motivates a jail-break like reminding the inmate they're in a cell.

~~~
mey
This is why I'm not a fan of public cloud virtualization for high security
systems (PCI-DSS/HIPAA/etc).

In addition to the escapes, you need to contend with side channel timing
observation and resource contention.

------
pimlottc

        COM1
    

Man, I haven't even /thought/ about that term in years...

------
SFjulie1
That's not the only place that has poor isolation: clocks, cache, devices ...

Virtualization comes with the lie of hardware isolation while devices are
views on common peripherals that are isolated at application level by an
incorrect abstraction.

Jails and virtual machines alike are jails made of a strong but viciously
brittling glass.

------
Rangi42
I disable any hardware in VMware guests that I don't need, like printers,
speakers, or USB devices, to avoid exploits like this.

~~~
wwarren
The VENOM vulnerability that affected the Floppy Drive didn't require that you
had it enabled to be exploited:
[http://news.softpedia.com/news/11-Year-Old-Bug-in-Virtual-Floppy-Drive-Code-Allows-Escape-from-Virtual-Machines-481079.shtml](http://news.softpedia.com/news/11-Year-Old-Bug-in-Virtual-Floppy-Drive-Code-Allows-Escape-from-Virtual-Machines-481079.shtml)
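The two comments above describe a configuration habit (turn off guest devices you don't need) and its limit (VENOM did not require the floppy to be enabled). The script below is an added example, not code from the thread or from VMware: it parses a `.vmx` file, lists the enabled guest-reachable devices (serial ports, which back the ThinPrint virtual printer on COM1, plus floppy, USB and sound), and writes a hardened copy with those devices set to `FALSE`. The key names (`serialN.present`, `serialN.fileType = "thinprint"`, `floppyN.present`, `usb.present`, `ehci.present`, `usb_xhci.present`, `sound.present`) are assumed from typical `.vmx` files, and the sample configuration is constructed. Disabling a device removes one attack surface; as wwarren's VENOM example shows, it is not a substitute for patching the hypervisor.

```python
import re

# One .vmx line: key = "value" (values are usually quoted, sometimes not).
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"?([^"]*)"?\s*$')

# Guest-reachable device keys. Names are assumed from typical .vmx files.
_SERIAL = re.compile(r'^serial\d+\.present$')
_DEVICE_PATTERNS = [
    (_SERIAL, 'virtual serial port (COM1 and up)'),
    (re.compile(r'^floppy\d+\.present$'), 'virtual floppy controller'),
    (re.compile(r'^(usb|ehci|usb_xhci)\.present$'), 'USB controller / passthrough'),
    (re.compile(r'^sound\.present$'), 'virtual sound card'),
]


def parse_vmx(text):
    """Return {lowercased key: value} for every key = value line in a .vmx."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = _VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def audit_vmx(text):
    """List (key, description) for every guest-exposed device that is enabled."""
    cfg = parse_vmx(text)
    findings = []
    for key in sorted(cfg):
        if cfg[key].strip().upper() != 'TRUE':
            continue
        for pattern, desc in _DEVICE_PATTERNS:
            if not pattern.match(key):
                continue
            # A serial port whose fileType is "thinprint" is the virtual printer.
            if pattern is _SERIAL:
                filetype = cfg.get(key[:-len('.present')] + '.filetype', '')
                if filetype.lower() == 'thinprint':
                    desc = 'ThinPrint virtual printer on a serial port'
            findings.append((key, desc))
            break
    return findings


def harden_vmx(text, keep=()):
    """Return a copy of the .vmx with every flagged device set to FALSE.

    Keys named in `keep` are left alone (e.g. a USB controller you really
    need). All other lines, including comments, are preserved verbatim.
    """
    flagged = {k for k, _ in audit_vmx(text)} - {k.lower() for k in keep}
    out = []
    for raw in text.splitlines():
        m = _VMX_LINE.match(raw.strip())
        if m and m.group(1).lower() in flagged:
            out.append('%s = "FALSE"' % m.group(1))
        else:
            out.append(raw)
    return '\n'.join(out) + '\n'


# Constructed sample configuration, not a real guest's .vmx.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
config.version = "8"
displayName = "lab-guest"
serial0.present = "TRUE"
serial0.fileType = "thinprint"
sound.present = "TRUE"
usb.present = "TRUE"
floppy0.present = "TRUE"
ethernet0.present = "TRUE"
'''

if __name__ == '__main__':
    for key, desc in audit_vmx(SAMPLE_VMX):
        print('%-18s enabled: %s' % (key, desc))
    print('--- hardened copy ---')
    print(harden_vmx(SAMPLE_VMX), end='')
```

Run it against a guest's `.vmx` while the VM is powered off, review the findings, then replace the file with the hardened copy; pass `keep=` for any device the guest genuinely needs.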

------
smegel
Well I suppose a guest with access to the internet could also deploy malware to a
website which is then visited by the host computer and downloads a hack that
patches vmware to allow full host control from the guest.

Depends on what you mean by "escape".

------
gnu8
Is this a bug in VMware or a bug in Windows?

~~~
flyryan
VMWare. It takes advantage of the fact that VMWare links guest VMs to the
host's printers by default and takes advantage of that link. The patch from
VMWare even applied to VMWare Fusion even though there hasn't been anything
published on getting this to work in OSX.

------
simcop2387
Anyone know why some of the images are incredibly low resolution?

~~~
miander
If you look at the non-mobile version at
[https://docs.google.com/document/d/1sIYgqrytPK-CFWfqDntraA_Fwi2Ov-YBgMtl5hdrYd4/edit](https://docs.google.com/document/d/1sIYgqrytPK-CFWfqDntraA_Fwi2Ov-YBgMtl5hdrYd4/edit)
you'll see that the images have been resized to the width of the page, probably
from much larger images, causing the text to be very small and fuzzy.

