"Robert S. Thau" wrote:
> Stephen D. Williams writes:
> > Pretty slick how they emulate kernel/user mode, memory protection,
> > system calls, I/O interrupts, etc. It uses Linux threads to handle a
> > lot of context switching in its threads, although only as many threads
> > are runnable as UML has virtual CPUs. Normally runs X using Xnest
> > (although obviously VNC could be used). Its biggest use is still
> > kernel development, but virtually hosted environments are becoming a
> > common use supposedly. UML doesn't have to run as root and of course
> > you could chroot it.
> Note that "protect kernel memory from userspace" is still on the TODO
> list at
> That puts a damper on some security-related applications, since it's
> probably not too hard for malware in virtual userland to overwrite the
> kernel and get direct access to the host at the syscall level, with
> the privileges of whatever host user is running UML. Fixing that is
> on the TODO list, though the current planned fix (explicitly changing
> page permissions for all kernel memory on kernel entry) may
> significantly slow the virtual machine's syscall entry and exit.

I hadn't caught that. Everywhere else they indicate that you have full
protection just like the native kernel. I browsed the patch but
couldn't determine yet how they share memory between threads, etc.

On the other hand, you could use a special 'nobody' and chroot jail and
get pretty far.

> VMWare is probably the best industrial strength environment for
> "virtual firewalling", though plex86 (which can be described as a free
> VMware workalike --- see seems to be getting there.

I've used VMWare since their first beta release: it's really great. I
run Linux natively and Win2kPro and Win98 all at once on my laptop, when
needed. Nearly flawless and very efficient. Can't wait until they have
3D hardware support and a few other goodies.

> rst
