I know most of the top VM companies out there have put some significant effort in preventing VMs from being able to interact/interfere with each other. I am not as sure about the host vs VM.

On Mon, May 21, 2018, 10:32 PM der.hans wrote:

> moin moin,
>
> I presume that if you run a container or VM as you on your system you can
> make a copy of its memory from the host system.
>
> If you run it as root, is root the only user ( outside of escalation
> exploits ) that has access to the memory?
>
> If you run it as a 3rd party, e.g. myvmuser, then only that user and root
> can inspect the memory from the host side?
>
> I'm contemplating the security implications of running a security or
> privacy process ( password manager, keyserver, etc. ) in a containerized
> or VM environment rather than just running it as an application on the
> host.
>
> Security and privacy processes try to lock down the memory on the host
> system, but when the OS is in a sub-process you can dump the entire
> memory.
>
> In this particular case, I'm not worried about something escaping the
> hosted system, rather I'm concerned about what can spy on the hosted
> system.
>
> ciao,
>
> der.hans
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # I'm not anti-social, I'm pro-individual. - der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss