is there anything good written up on this? | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

		billywhizz 8 days ago \| parent \| context \| favorite \| on: Microsandbox: Virtual Machines that feel and perfo... is there anything good written up on this?

tptacek 8 days ago [–]

I don't think so? It's not complicated. Most LPEs get you the local kernel. The KVM security model assumes an untrusted local (guest) kernel. To compromise KVM, they either need to be fundamental architectural flaws (rare) or bugs in KVM itself (also rare).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact