Rootkit Hunter

Martin Marcher martin.marcher at
Sat Dec 23 16:43:42 UTC 2006

Am 23.12.2006 um 16:33 schrieb Gabriel Dragffy:

> I think perhaps that when we're talking about this kind of virus it
> isn't limited to just VMware. Imagine a virtual server service that  
> has
> a single computer hosting 50 operating systems using Xen  
> technology. Now
> think about the trouble that a virus could cause all that.  
> Horrible. If
> a virus managed to escape the guest OS...

No need to think that this (method) is new. Just think of the very  
common chroot environments for

* postfix
* bind
* apache
* etc

This is to some extend the same, postfix doesn't have a clue about  
the rest of the system when chrooted, you can't really find out about  
it. Also have a look at the way gentoo is installed, if you chroot  
to /mnt/myinstall you are trapped inside this directory, how would  
you get info about the hosts /proc (or whatever) filesystem.


PS: still it is new as it is now hardware supported and doesn't need  
any special environment. Also James Bond is just a mere mortal, his  
emails can be faked too so no need for virtualization viruses :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2474 bytes
Desc: not available
URL: <>

More information about the ubuntu-users mailing list