I know most of the top VM companies out there have put some significant effort into preventing VMs from being able to interact/interfere with each other. I am not as sure about the host vs. VM.

On Mon, May 21, 2018, 10:32 PM der.hans <PLUGd@lufthans.com> wrote:
moin moin,

I presume that if you run a container or VM as you on your system you can
make a copy of its memory from the host system.

If you run it as root, is root the only user ( outside of escalation
exploits ) that has access to the memory?

If you run it as a 3rd party, e.g. myvmuser, then only that user and root
can inspect the memory from the host side?

I'm contemplating the security implications of running a security or
privacy process ( password manager, keyserver, etc. ) in a containerized
or VM environment rather than just running it as an application on the
host.

Security and privacy processes try to lock down the memory on the host
system, but when the OS is in a sub-process you can dump the entire
memory.

In this particular case, I'm not worried about something escaping the
hosted system, rather I'm concerned about what can spy on the hosted
system.

ciao,

der.hans
--
https://www.LuftHans.com   https://www.PhxLinux.org
#  I'm not anti-social, I'm pro-individual. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
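As an added illustration of the question quoted above (this is not code from either poster), the script below reports who on a Linux host can open a process's /proc/PID/mem, which is the path a host-side memory dump of a VM or container process takes. It assumes a Linux host where the guest's RAM lives in a QEMU process or a container's ordinary processes; SAMPLE_STATUS is a constructed /proc/PID/status snippet for a VM running as uid 1001.

```python
"""Audit who on a Linux host can read a process's memory through /proc/PID/mem.
A KVM guest's RAM is ordinary memory of its QEMU process and a container is a
group of host processes, so "who can dump it" reduces to the kernel's ptrace
access check, which the Yama LSM tightens via kernel.yama.ptrace_scope."""
import os
import sys
# Constructed sample of /proc/PID/status for an unprivileged VM process.
SAMPLE_STATUS = ("Name:\tqemu-system-x86\n"
                 "Uid:\t1001\t1001\t1001\t1001\n"
                 "Gid:\t1001\t1001\t1001\t1001\n"
                 "VmLck:\t    4096 kB\n")

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/PID/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def memory_readers(status, ptrace_scope):
    """Who can open /proc/PID/mem for the process described by `status`, given
    /proc/sys/kernel/yama/ptrace_scope (0-3)? 'same_uid' = unrelated process
    running as the same user as the target."""
    uids = [int(u) for u in status["Uid"].split()]  # real, effective, saved, fs
    gids = [int(g) for g in status["Gid"].split()]
    # Classic rule: caller's ids must match every id of a dumpable target; a
    # setuid process or prctl(PR_SET_DUMPABLE, 0) leaves only CAP_SYS_PTRACE.
    plain_ids = len(set(uids)) == 1 and len(set(gids)) == 1
    return {
        "owner_uid": uids[0],
        "same_uid": plain_ids and ptrace_scope == 0,
        "ancestors_only": plain_ids and ptrace_scope == 1,
        "root": ptrace_scope < 3,  # CAP_SYS_PTRACE; only scope 3 blocks it
        "locked_kb": int(status.get("VmLck", "0 kB").split()[0]),
        "mlock_blocks_dump": False,  # mlock() only keeps pages out of swap
    }

def audit_pid(pid):
    """Live check of a running process (Linux only)."""
    with open(f"/proc/{pid}/status") as f:
        status = parse_status(f.read())
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as f:
            scope = int(f.read())
    except FileNotFoundError:  # Yama not enabled: classic rules apply
        scope = 0
    return memory_readers(status, scope)

if __name__ == "__main__":
    print(audit_pid(int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()))
```

Run it as `python3 audit.py <pid of the qemu or container process>`; the VmLck field shows that mlock()'d pages are still readable by whoever passes the ptrace check, which is the gap the original question points at.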