JP Vossen on 8 Nov 2018 15:53:11 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] new virtualbox exploit - virtualizers


On Thu, Nov 8, 2018 at 3:35 PM jeff <jeffv@op.net> wrote:
On 11/8/18 3:19 PM, Rich Freeman wrote:
in VMs is VMware which you typically wouldn't run on a linux host.
aside from the above, why?

As Rich said, Lee is more current but...it depends which "VMware."

VMware Workstation is intended for dev & testing & stuff and runs like VBox as a GUI on top of an OS. While you can run it on Winblows, it's like building a castle on sand... OTOH, it used to be a REAL pan with new kernel versions on Linux. The KMS stuff made that a lot less bad.

VMware ESXi is the bare metal hypervisor. It was based on RHEL but years ago (RHEL 3-4?) and has probably diverged a lot. They go to some lengths to NOT let you do stuff at the OS level, like not including `rsync` and making it pretty painful to add...stuff like that. They really want to to use their tools and pay them licenses for them, not surprisingly.

I'm forced to run Winblows 8.1 at $WORK and the only thing that lets me do anything useful is my Linux Mint VM in VBox. I'd much rather run Winblows in a VM on top of Linux, but I can't. So I've been forced to build the castle on sand. Snapshots and "save state" are critical though, both to recover from host OS crashes and arbitrary mandatory reboots after arbitrary mandatory updates. To be fair, if I had to admin Winblows I'd quit, but if I really had to, I'd force updates & reboots too, that's the only way to even have a chance of keeping it marginally secure.

Thanks to Michael for the OP.

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug