[17510] in bugtraq


Re: Mantrap By Recourse Technologies - Fate Advisory (11-01-00)

daemon@ATHENA.MIT.EDU (Pavel Machek)
Mon Nov 6 03:08:59 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20001105202652.A122@bug.ucw.cz>
Date:         Sun, 5 Nov 2000 20:26:52 +0100
Reply-To: Pavel Machek <pavel@UCW.CZ>
From: Pavel Machek <pavel@UCW.CZ>
X-To:         loki@f8labs.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <PGEAJALLCLNHFIPHDCNOIEMMCDAA.loki@f8labs.com>; from Loki on Thu,
              Nov 02, 2000 at 05:41:14PM -0800

Hi!

> [ FINAL WORDS ]
>
> This basically shows that you can't rely upon anything but a
> total instruction-level emulation to make a real-looking and
> yet secure cage. We look forward to such a product as it would be
> a great tool in intrusion detection. As VMware shows, this can be
> done at least on x86 CPUs and it would surprise me if it wouldn't
> be possible on other platforms (such as Sparc).

VMware is not really doing instruction-level emulation. It is doing
dirty tricks with native execution to speed it up. bochs is doing full
simulation, that's why it is slower than vmware.

Anyway, the trickery VMware does is not required -- trapping all syscalls
is exactly as good. If you take a look at user mode linux (it is
available at sourceforge.net), you can do pretty much the same with
the ptrace() interface. [And user mode linux is obviously open source, so
it is practical for what you want].

								Pavel
--
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
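
The syscall trapping described in the reply above, as an added example (not part of the original message, and not code from user mode linux or VMware): a tracer uses ptrace() to stop a child at every system call and read the call number, which is the point where a cage would inspect or emulate the call. The names sample_workload, trace_workload and SYSCALL_NR are hypothetical, and Linux on x86_64 or aarch64 is assumed.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__aarch64__)
#define SYSCALL_NR(r) ((long)(r).regs[8])    /* x8 holds the syscall number */
#else                                        /* x86_64 assumed */
#define SYSCALL_NR(r) ((long)(r).orig_rax)
#endif

/* Constructed workload standing in for the caged program. */
void sample_workload(void) { for (int i = 0; i < 3; i++) syscall(SYS_getppid); }

/* Trace workload() in a child, stopping it at every syscall. Returns the number
 * of entries into syscall `watched` (-1 on error); *total counts every entry. */
long trace_workload(void (*workload)(void), long watched, long *total) {
    int status, entering = 1, sig = 0;
    long hits = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        raise(SIGSTOP);            /* park until the tracer is ready */
        workload();
        _exit(0);
    }
    *total = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return hits;
        sig = WSTOPSIG(status) == (SIGTRAP | 0x80) ? 0 : WSTOPSIG(status);
        if (sig) continue;         /* not a syscall stop: re-inject the signal */
        if (entering) {            /* entry stop: read the syscall number */
            struct user_regs_struct regs;
            struct iovec iov = { &regs, sizeof regs };
            if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) < 0) return -1;
            (*total)++;
            hits += SYSCALL_NR(regs) == watched;
        }
        entering = !entering;      /* entry and exit stops alternate */
    }
}
```

Calling trace_workload(sample_workload, SYS_getppid, &total) from a main() runs the constructed workload under the tracer; the entry-stop branch is where a policy decision on each call would go.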
