On Sat, Aug 28, 2010 at 3:25 PM, intrigeri <intrig...@boum.org> wrote:
> ...
> Another "cost" mentioned by coderman was "elevated privs for
> accelerated virtualization / para-virtualization". AFAIK VirtualBox
> does not need any special privileges (once the kernel part of the
> software is installed, and the modules/services loaded).
the loading / configuring of kernel module part is one elevated task.
route table changes / altering iptables rules and chains*, many other
such things require elevated privileges. there are often host
facilities to permit specific use of valid settings, and rsbac
constraints, lots of other mitigation techniques...

if you give up acceleration and do full softmmu / user only and
constrained device emulation you can still have a guest / least
privilege virtual machine, but the overhead is significant.
fortunately fast virtio devices are becoming common across both
userspace only and accelerated virtual machine implementations.

i also like livecd as you mention, and qubes on live fedora is a nice
setup, perhaps coupled with HTTPS-Fuse on-demand pre-caching file
system overlays... many many different combinations and techniques to
complement and fit a particular need. the limiting factor is time to
explore them all and their relative strengths/weaknesses/trade-offs...

http://unit.aist.go.jp/itri/knoppix/http-fuse/index-en.html
http://qubes-os.org/Architecture.html

* i call this out specifically because you need to extend beyond the
basic VirtualBox / Qemu / VMWare settings associated with the common
bridge, nat, host-only network devices and implement host level
routing protections; otherwise you're exposed to a number of potential
side channel and other attacks listed in the FAQ and elsewhere.
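As an added example (not from this thread or any project it names), one way to implement the host-level routing protections coderman's footnote calls for: a POSIX shell function that emits an iptables-restore ruleset confining a VM's host-only/tap interface so the guest can reach only the host's Tor TransPort and DNSPort, with no forwarding off the host. The interface name, guest subnet and port numbers are assumptions you would replace with your own.

```shell
#!/bin/sh
# Constructed example: generate (not apply) an iptables-restore ruleset
# that fences a VM's host-side interface. Review the output, then pipe
# it into iptables-restore as shown at the bottom. All values are
# assumptions: vboxnet0, 192.168.56.0/24, TransPort 9040, DNSPort 5353.
set -eu

# gen_vm_ruleset IFACE GUEST_SUBNET TRANS_PORT DNS_PORT
gen_vm_ruleset() {
    iface=$1; subnet=$2; transport=$3; dnsport=$4
    cat <<EOF
*filter
:VMGUEST - [0:0]
# every packet arriving from the guest interface is judged by VMGUEST
-A INPUT -i $iface -j VMGUEST
# never route guest packets to another interface: nothing leaks around Tor
-A FORWARD -i $iface -j DROP
-A FORWARD -o $iface -j DROP
# the host may only answer the guest, never initiate connections to it
-A OUTPUT -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $iface -j DROP
# only the expected guest subnet is accepted on this interface
-A VMGUEST ! -s $subnet -j DROP
# TCP to Tor's transparent proxy port on the host
-A VMGUEST -p tcp --dport $transport -j ACCEPT
# UDP DNS to Tor's DNSPort on the host
-A VMGUEST -p udp --dport $dnsport -j ACCEPT
# everything else from the guest, including the host's other services
# (ControlPort, SSH, the hypervisor's DHCP helper), is dropped; give the
# guest a static address inside the subnet instead
-A VMGUEST -j DROP
COMMIT
EOF
}

# usage (as root): keep existing host rules, add only these chains/rules
#   gen_vm_ruleset vboxnet0 192.168.56.0/24 9040 5353 | iptables-restore --noflush
```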