Say you're running your business on a rented virtual private server. How secure is your setup? I wouldn't expect it to be more secure than the system your server runs on, and a simple experiment confirmed it.
I performed the experiment on a Linux system running VMware server software (the host). Inside a virtual machine I installed FreeBSD 6.2 (the client). I assumed an adversary had obtained full control of the host, and was attempting to gain access to the client. This could happen through a security hole on the host, or a malicious system administrator. In my case I had created the virtual machine, and therefore had full control over it and full access to its files. Here is how I used my access privileges on the host to gain access to the client as user jsmith.
master.passwd
file.
host$ cd /space/vm/client host$ grep :/home/jsmith:/usr/local/bin/bash * Binary file freeBSD.vmss matches Binary file istlab-s001.vmdk matches Binary file istlab-s002.vmdk matches
jsmith:0tOcWfiX8z7Qc:1042:20007::0:0:John Smith:/home/jsmith:/usr/local/bin/bashinto
jsmith:: 1042:20007::0:0:John Smith:/home/jsmith:/usr/local/bin/bash
Last modified: Monday, April 16, 2007 10:14 pm
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.