Hacker News new | ask | show | jobs
by rbanffy 2370 days ago
There are many ways a hostile program inside a VM can escape it and run code on the host or, at least, negatively affect it.
2 comments
arpa 2370 days ago
Please do share how can one escape qemu.
link
jacquesm 2370 days ago
At your service:

https://www.techrepublic.com/article/vm-escape-flaw-in-qemu-...

link
arpa 2369 days ago
Beautiful! Thank you.
link
fghtr 2370 days ago
Not many if its Qubes OS.
link
rbanffy 2369 days ago
One would be quite enough.
link
fghtr 2369 days ago
In fact, Qubes is using hardware virtualization IOMMU/VT-d [0], which has been escaped only once in 2006 by the project founder [1].

[0] https://www.qubes-os.org/doc/architecture/

[1] https://en.wikipedia.org/wiki/Blue_Pill_(software)

link
rbanffy 2369 days ago
I trust Joanna Rutkowska's competence, but I wouldn't bet too much on chip makers not messing up again in the future.

It will be progressively harder, but it will happen.

link