Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Local Zone Security

Status
Not open for further replies.

neuralnode

Technical User
Sep 12, 2007
59
PL
Hi All,

A friend of mine has suggested recently that since the Solaris zone feature relies on software-level isolation (as opposed to hardware-level isolation, as with AIX LPARs), then it is theoretically possible to break out of the local zone to the global zone.

My question is: has anything like that been ever reported?
Has anyone ever managed to hack themselves out of the local zone?
Is it even realistically possible?

Thanx in advance for the enlightenment.

--
 
Q1) Has it ever been reported?
A1) I have never heard of a Solaris Zone being escaped from.

Q2) Has anyone managed to hack out of a local zone?
A2) See A1.

Q3) Is it possible?
A3) Possibly. Developers still can't write secure software (look at US-CERT vulnerabilities), so you think they can begin writing secure virtualization software?

If you are concerned then use Logical Domains (similar to AIX DLPAR's). As a side note, Solaris Zones are similar to AIX WPAR's.

Or find yourself and old Sun Fire e2900 and use fault-isolated hard partitions which are secure.

BTW, I think your friend reads to much Internet fluff.
 
Thanx blarneyme for your comments.

I must clear out one thing: I am very far from being paranoid about Solaris zones security, and in fact I'm very skeptical as to my friend's claims. Yet I wanted to ask the Forum if there has ever been any confirmed example of zone break (which I doubted from the very beginning).

--
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top