Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
If the kernel that's run inside the VM is vulnerable to a remote exploit, you just loop through all the VMs and exploit it's kernel to take over that VM.
the fact that it's a separate kernel from the main OS kernel can be an advantage or disadvantage, depending on how stripped down it is and how it's upgraded.
I've seen too many people think that VMs never need to be upgraded and so they end up running old, vulnerable versions of things inside the VM because "virtualization solves the security problem"
Qubes 1.0 released
Posted Sep 7, 2012 18:44 UTC (Fri) by lindi (subscriber, #53135)
The VMs that are connected typically have a firewall (running in a separate VM too) with a policy that limits the incoming traffic. Software can always have bugs but local root vulnerabilities are much more common than remotely exploitable bugs against a system that only runs firewall and offers no services.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds