by londons_explore 2374 days ago
Running as actual root in a VM would be my preferred design. There are lots of times a user might need to apt-get some dependencies for their compile job. Let an attacker do whatever they like in the VM. Then delete the VM between users.

Docker containers aren't really a good security barrier, and a VM is much better (although VM escape vulnerabilities aren't unheard of).


There are many ways a hostile program inside a VM can escape it and run code on the host or, at least, negatively affect it.

Please do share how one can escape qemu.

Beautiful! Thank you.

Not many if it's Qubes OS.

One would be quite enough.
In fact, Qubes is using hardware virtualization IOMMU/VT-d [0], which has been escaped only once in 2006 by the project founder [1].

[0] https://www.qubes-os.org/doc/architecture/

[1] https://en.wikipedia.org/wiki/Blue_Pill_(software)

I trust Joanna Rutkowska's competence, but I wouldn't bet too much on chip makers not messing up again in the future.

It will be progressively harder, but it will happen.

I don't know much about containerization outside of docker, but you can definitely apt-get some dependencies even inside docker containers.

Inside a docker container, you are root, so you can apt-get.