Re: container/VM memory hostside

Author: Stephen Partington
Date:  
To: Main PLUG discussion list
Subject: Re: container/VM memory hostside
I know most of the top VM companies out there have put some significant effort
into preventing VMs from being able to interact/interfere with each other. I am
not as sure about the host vs VM.

On Mon, May 21, 2018, 10:32 PM der.hans <> wrote:

> moin moin,
>
> I presume that if you run a container or VM as you on your system you can
> make a copy of its memory from the host system.
>
> If you run it as root, is root the only user ( outside of escalation
> exploits ) that has access to the memory?
>
> If you run it as a 3rd party, e.g. myvmuser, then only that user and root
> can inspect the memory from the host side?
>
> I'm contemplating the security implications of running a security or
> privacy process ( password manager, keyserver, etc. ) in a containerized
> or VM environment rather than just running it as an application on the
> host.
>
> Security and privacy processes try to lock down the memory on the host
> system, but when the OS is in a sub-process you can dump the entire
> memory.
>
> In this particular case, I'm not worried about something escaping the
> hosted system, rather I'm concerned about what can spy on the hosted
> system.
>
> ciao,
>
> der.hans
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # I'm not anti-social, I'm pro-individual. - der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
