VM Page #1064
@ -9,7 +9,7 @@
|
||||
|
|
||||
<ol>
|
||||
<li><strong>Choosing a strong hyperviser.</strong>
|
||||
```suggestion
<li><strong>Choosing a strong hypervisor</strong>
```
|
||||
<ul>
|
||||
<li>Use one that is href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
<li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>
|
||||
|
There is a dot missing in the end while other lines end to a dot. There is a dot missing in the end while other lines end to a dot.
How about Virtualbox OSE/CE? I don't remember which name it is. I haven't used QEMU personally that I remember of. How about Virtualbox OSE/CE? I don't remember which name it is. I haven't used QEMU personally that I remember of.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If I remember properly, Virtual box uses non-free code for GPU exceleration. I've looked at others too, like GNOME (Linux) boxes and VMM (OpenBSD and UNIX-based OSes) but they only support a few platforms. XEN also looked promising, but if I remember properly they don't work on any LIbreboot laptop and many Coreboot machines as they require non-free code for the CPU. QEMU-kvm may require non-free code as well. If I remember properly, Virtual box uses non-free code for GPU exceleration.
I've looked at others too, like GNOME (Linux) boxes and VMM (OpenBSD and UNIX-based OSes) but they only support a few platforms.
XEN also looked promising, but if I remember properly they don't work on any LIbreboot laptop and many Coreboot machines as they require non-free code for the CPU.
QEMU-kvm may require non-free code as well.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
```suggestion
<li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU.</li>
```
|
||||
<li>Stay wary of KVM as it can be a security risk (accesses kernel).</li>
|
||||
|
Citation needed? Citation needed?
KVM's in general widen your attack surface. For more info just look up the micro vs monolithic kernel debate. KVM's in general widen your attack surface.
For more info just look up the micro vs monolithic kernel debate.
Gives you plenty of information and instances.
|
||||
<li>Choose one with managable settings like shared clipboard.</li>
|
||||
|
Is shared clipboard a secure setting? What if untrusted application from the VM copies a malicious script to your clipboard and you accidentally paste it to your root terminal or it includes Is shared clipboard a secure setting? What if untrusted application from the VM copies a malicious script to your clipboard and you accidentally paste it to your root terminal or it includes `sudo` while your sudo cooke is still in force? What do you mean with manageable settings here?
It is handy, but it generally should be turned off.
I mean that you (the user) should be able to control it. Not sure what edit your recommending (if any) :) > Is shared clipboard a secure setting?
It is handy, but it generally should be turned off.
> manageable settings
I mean that you (the user) should be able to control it.
__________
Not sure what edit your recommending (if any) :)
```suggestion
<li>Choose one with manageable settings like shared clipboard.</li>
```
|
||||
</ul>
|
||||
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it.
If this is the general consensus, I'll remove it.