Re: UML (User Mode Linux), was: Re: [Jeff Covey @ Freshmeat] We Are Losing the Browser War

From: Stephen D. Williams (sdw@lig.net)
Date: Thu Mar 29 2001 - 18:21:37 PST


"Robert S. Thau" wrote:
>
> Stephen D. Williams writes:
>
> > Pretty slick how they emulate kernel/user mode, memory protection,
> > system calls, I/O interrupts, etc. It uses Linux threads to handle a
> > lot of context switching in its threads, although only as many threads
> > are runnable as UML has virtual CPUs. Normally runs X using Xnest
> > (although obviously VNC could be used). Its biggest use is still
> > kernel development, but virtually hosted environments are becoming a
> > common use supposedly. UML doesn't have to run as root and of course
> > you could chroot it.
>
> Note that "protect kernel memory from userspace" is still on the TODO
> list at
>
> http://user-mode-linux.sourceforge.net/todo.html
>
> That puts a damper on some security-related applications, since it's
> probably not too hard for malware in virtual userland to overwrite the
> kernel and get direct access to the host at the syscall level, with
> the privileges of whatever host user is running UML. Fixing that is
> on the TODO list, though the current planned fix (explicitly changing
> page permissions for all kernel memory on kernel entry) may
> significantly slow the virtual machine's syscall entry and exit.

I hadn't caught that. Everywhere else they indicate that you have full
protection just like the native kernel. I browsed the patch but
couldn't determine yet how they share memory between threads, etc.

On the other hand, you could use a special 'nobody' and chroot jail and
get pretty far.

> VMWare is probably the best industrial strength environment for
> "virtual firewalling", though plex86 (which can be described as a free
> VMware workalike --- see www.plex86.org) seems to be getting there.

I've used VMWare since their first beta release: it's really great. I
run Linux natively and Win2kPro and Win98 all at once on my laptop, when
needed. Nearly flawless and very efficient. Can't wait until they have
3D hardware support and a few other goodies.

> rst

sdw

-- 
sdw@lig.net  http://sdw.st
Stephen D. Williams
43392 Wayside Cir,Ashburn,VA 20147-4622 703-724-0118W 703-995-0407Fax 
Dec2000
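
The planned fix quoted above (changing page permissions on kernel memory at every kernel entry) can be sketched in one process. This is an added example, not part of the original thread and not UML's code. It assumes a single anonymous page standing in for guest kernel memory, and all function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *kmem;   /* one page standing in for guest kernel memory */
static size_t kmem_len;
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* on=1: planned-fix state (no access while userland runs); on=0: the TODO-list state. */
int kmem_protect(int on) {
    return mprotect(kmem, kmem_len, on ? PROT_NONE : (PROT_READ | PROT_WRITE));
}

/* Map the region with no access and catch the faults that protection produces. */
int kmem_init(void) {
    struct sigaction sa = { .sa_handler = on_fault };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return -1;
    kmem_len = (size_t)sysconf(_SC_PAGESIZE);
    kmem = mmap(NULL, kmem_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return kmem == MAP_FAILED ? -1 : 0;
}

/* "Kernel entry": open, work, close. The two mprotect() calls are the per-syscall cost. */
int kernel_entry_store(size_t off, unsigned char v) {
    if (off >= kmem_len || kmem_protect(0) != 0) return -1;
    kmem[off] = v;
    int seen = kmem[off];
    return kmem_protect(1) == 0 ? seen : -1;
}

/* "Userland" store into kernel memory: 1 if it faulted, 0 if it went through. */
int user_store_faults(size_t off, unsigned char v) {
    if (off >= kmem_len) return -1;
    if (sigsetjmp(fault_jmp, 1)) return 1;   /* arrived here from on_fault */
    ((volatile unsigned char *)kmem)[off] = v;
    return 0;
}

int main(void) {
    if (kmem_init() != 0) return 1;
    printf("userland store faults: %d\n", user_store_faults(0, 0x41));
    printf("kernel entry stored: 0x%x\n", kernel_entry_store(0, 0x5a));
    return 0;
}
```

Calling `kmem_protect(0)` before `user_store_faults()` reproduces the unprotected state from the TODO list, where the store succeeds silently.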



This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:15:12 PDT