Virtual PC / server with ring compression insecure?, in Virtual PC
ASP Developer Network - Brought to you by Steve Radich and BitShop, Inc. - http://www.bitshop.com

ASPDeveloper
Menu
 ASPDeveloper
 Home
 Contact us
::  Wiki
::  Image Galleries
::  Articles
::  Blogs
::  Forums
::  Directory
::  File Galleries

ASPDeveloper.Net / VirtualServerFAQ.COM

Make sure you go to our home page for:

* Virtual Server 2005 FAQ
* ASP.Net 2.0 Information
* ASP.Net 2.0 Streaming Tutorials
* ASP.Net 2.0 HTML based Tutorials

Made possible by Business Internet Technology Shop (BitShop)



View :  Show duplicate posts
Virtual PC

Recent Virtual PC posts

virtual pc to hyper-v
Can"t access CD ROM in VPC
Using Virtual PC with installed OS"s
question about xp"s tcpip limit of 10 half connections
Do I have to re-install all my dev software into virtual machine
print drivers gone!!
what does pause do
Not enough memory to start Virtual machine ?
HDA Audio bus driver problem in VM?
virtual PC recovery problem?
joanna@invisiblethings.org
Black screen when restoring XP Ghost image to Virtual PC 2007.
Load existing W2K installation into Virtual PC Environment
I need help to set up my virtual pc
Reboot or select proper boot device Problem
If my virtual pc is corrupt how can I restore it?
Undo disk feature disabled?
VHD for IE8 beta 1 + WinXP SP2 - Virtual Machine Additions fails
Keyboard haywire after resume
If already have XP on PC do I have to re-install it.
 Add Solution

Latest Topics

Table Of Contents

Post Reply |  This is Spam! | Mark as Spam

Virtual PC / server with ring compression insecure?

Source: microsoft.public.virtualpc
Sent: 03/15/2008
From: "Sebastian G." <(email address - cut out)>
Message:

Hello there.

According to the stuff told by Mike Neil, VPC and VS use a technique called
"ring compression", which essentially runs the guest OS in ring1 and traps
all privileged instruction (at least when no hardware assisted
virtualization is available).

This sounds very very very fishy to me, since ring1 and even ring2 still has
enough privileges to easily elevate to ring 0. For example ring2 and above
are free to modify their own I/O bitmap, and then do port-based I/O as they
like, including stuff like sending arbitrary commands to storage
controllers. There's nothing an OS or VMM in ring 0 could do to restrict this.

With hardware assisted virtualization this is no problem, since a monitored
ring 0 is essentially a ring 3, and ring -1 is the new ring 0.

Now is this just a big gross security vulnerability or just wrong
documented? I'm better asking before wasting my time on hacking together a
proof of concept.

Post Reply |  This is Spam! | Mark as Spam

Related Messages

Post Reply |  This is Spam! | Mark as Spam


Table Of Contents


Other groups

 
Virtual PC (Mac)(3520) Virtual PC(12097) Virtual PC (French)(435)
Virtual Server 2005(5578)
Search
in:
Our Sponsors
Virtual Server 2005 Info Here!
http://www.aspdeveloper.net
Virtual Server 2005 Info Here!
http://www.aspdeveloper.net
Virtual Server 2005 Info Here!
http://www.aspdeveloper.net
Virtual Server 2005 Info Here!
http://www.aspdeveloper.net
Virtual Server 2005 Info Here!
http://www.aspdeveloper.net
rss Wiki rss Blogs rss Articles rss Image galleries rss File galleries rss Forums rss Maps rss Directories
ASP Developer Network (since 1996) - Brought to you by Steve Radich and BitShop, Inc. - http://www.bitshop.com
Copyright © 1997-2005 by BitShop, Inc. All Rights Reserved.
No content may be reproduced in any form without written permission from BitShop, Inc.
We will be honored to assist with reproduction rights on our material if you contact us.
We also can provide print articles for your magazine, private training seminars at your site, and conference presentations.
Thank you for visiting. Please bookmark our site if you found it useful!
If you wish to make a donation it will help further the development of these free resources: