Possible Security problem of Virtualization

Support for security such as Firewalls and securing linux
hongbo
Posts: 1
Joined: 2007/03/28 05:32:12
Location: Australia

Possible Security problem of Virtualization

Post by hongbo » 2007/05/14 07:59:16

Hi, I am testing CentOS 5 para-virtualization and noticed one possible security problem.

In short: any user on the system can gain root access to the virtual machine without root passwd.

0. Base System (Domain-0) is CentOS x64 with the Virtualization kernel installed.
A para-virtualization guest (also CentOS 5 x64, let's call it Domain-1) has been installed on the system and works properly.

1. Log in as 'root' to the GNOME desktop of Domain-0, click menu Application - System Tools - Virtual Machine Manager.
Now you will see your guest Domain-1 is listed in the 'Virtual Machine Manager' window.

Double click Domain-1 in the list, 'Domain-1 Virtual Machine Console' is now opened.

Now you have a login screen, let's log in as 'root' into Domain-1.

Now close the 'Domain-1 Virtual Machine Console' window (without logging out).

Log out 'root' from Domain-0 (from menu System - Log Out Root).

2. Now log in as 'any-user' to the desktop of Domain-0, click menu Application - System Tools - Virtual Machine Manager.
Now you will see your guest Domain-1 is running in the 'Virtual Machine Manager' window.

Double click Domain-1 in the list, 'Domain-1 Virtual Machine Console' is now open. WHAT, ROOT is still logged in on Domain-1; as 'any-user' on the system (Domain-0), you can now do anything to Domain-1 as root.


Is this a feature or a problem!!

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Possible Security problem of Virtualization

Post by gerald_clark » 2007/05/14 14:23:39

Basically, you left the room with your terminal logged in as root.
What else would you expect?
