Comments on: VMWare Apps Escaping the Sandbox Spells Trouble for Virtualization http://www.adeptechllc.com/2008/02/27/vmware-apps-escaping-the-sandbox-spells-trouble-for-virtualization/ Software, Process and Security Fri, 21 Nov 2008 09:22:08 +0000 http://wordpress.org/?v=2.6.2 By: Keith McMillan http://www.adeptechllc.com/2008/02/27/vmware-apps-escaping-the-sandbox-spells-trouble-for-virtualization/#comment-121 Keith McMillan Fri, 29 Feb 2008 02:34:09 +0000 http://www.adeptechllc.com/2008/02/27/vmware-apps-escaping-the-sandbox-spells-trouble-for-virtualization/#comment-121 I had the impression that once escaping to the underlying OS, programs could access files outside the share, so I went back and checked. Yep, sure enough: <blockquote> "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations," confirmed VMware. </blockquote> I had the impression that once escaping to the underlying OS, programs could access files outside the share, so I went back and checked. Yep, sure enough:

“On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations,” confirmed VMware.

]]> By: Peter H Coffin http://www.adeptechllc.com/2008/02/27/vmware-apps-escaping-the-sandbox-spells-trouble-for-virtualization/#comment-116 Peter H Coffin Thu, 28 Feb 2008 13:48:53 +0000 http://www.adeptechllc.com/2008/02/27/vmware-apps-escaping-the-sandbox-spells-trouble-for-virtualization/#comment-116 One detail I've been worndering about is whether malware could see the whole of the underlying OS, or just the part that's shared. (Obviously, this wouldn't prevent people from sharing whole drives "for convenience"... It is much harder to help such people, though.) One detail I’ve been worndering about is whether malware could see the whole of the underlying OS, or just the part that’s shared. (Obviously, this wouldn’t prevent people from sharing whole drives “for convenience”… It is much harder to help such people, though.)

]]>