
stouset
> anyone still thinks that they can draw a security boundary anywhere with a shared kernel

Containers are everywhere.
tptacek
They don't work as reliable security boundaries; they're developer/ops tools.
SEJeff
Thomas, what are your thoughts on micro-VMs such as Kata Containers? You can use them as a backend for Docker in place of runc.

I'm sure you're well aware, but for the readers, they are isolated with a CPU's VT instructions, which are built to isolate VMs. I still think "containers don't contain" in a very Dan Walsh Boston accent, but this seems like a respectable start.

https://katacontainers.io

tptacek
I have no strong opinion other than that untrusting cotenants shouldn't directly share a kernel.
burnt-resistor
They're slow and so unsuitable for dev work. They might be somewhat better for prod, but it depends on a wide selection of unproven hypervisors.
tptacek
Which "unproven" hypervisors are those? Kata works with Firecracker.
worthless-trash
I think they mean in regards to cross-kernel attacks. VMs didn't protect across speculative execution attacks.

I believe there are even more coarse-grained timing attacks with DMA and memory that are waiting to be abused.

tptacek
No, that's true, VMs don't protect against microarchitectural attacks. But neither does shared-kernel isolation; in fact, shared-kernel is even worse at it. So if that's the concern, it doesn't make much sense in the threat model.
