[comp.virus] 80386 and viruses

peter%ficc@uunet.UU.NET (Peter da Silva) (11/15/89)

> The isolation hardware in the I386 makes it possible to construct a
> contained execution environment...  Such an environment would be a
> useful place to test untrusted programs.

> Has anyone constructed such an environment?

Yes.

It's called "Merge 386" or "Vp/IX".

`-_-' Peter da Silva, Xenix Support. R2419 X5180
 'U`   "Have you hugged your wolf today?"

[Ed. These products, by the way, are DOS emulation boxes for i386
based UNIX and XENIX products.]

williams@cs.umass.edu (11/22/89)

peter%ficc@uunet.UU.NET (Peter da Silva) writes...
>> The isolation hardware in the I386 makes it possible to construct a
>> contained execution environment...  Such an environment would be a
>> useful place to test untrusted programs.
>
>> Has anyone constructed such an environment?
>
>Yes.
>
>It's called "Merge 386" or "Vp/IX".
>
>[Ed. These products, by the way, are DOS emulation boxes for i386
>based UNIX and XENIX products.]

Would someone elaborate on this?  Surely a program (virus or otherwise)
running under the emulator could do the same things, including deleting all
the files it can find, as on DOS.  What protection is provided?  Perhaps
not allowing access to the FAT, boot sector, etc.?

krvw@SEI.CMU.EDU (Kenneth R. van Wyk) (11/22/89)

>> Would someone elaborate on this?  Surely a program (virus or otherwise)
>> running under the emulator could do the same things, including deleting all
>> the files it can find, as on DOS.  What protection is provided?  Perhaps
>> not allowing access to the FAT, boot sector, etc.?

At least in the case of VP/ix (which I used on a Zenith 386 SCO Xenix
system when I worked at Lehigh), all DOS calls are subject to
"approval" by Xenix - or UNIX for that matter, on a 386 UNIX system.
All interrupts, etc., are handled by Xenix in the end.  The DOS
session(s) runs as a virtual 8086 on the 386, and is given an image
file which appears to be a physical hard disk to the DOS session.  The
"boot sector" per se is just part of a file on the Xenix file system
(or on a floppy if the VP/ix system is rebooted from floppy).  I would
imagine that this logical physical (?!) drive would be subject to boot
sector infections, but the actual Xenix disk is treated as a network
disk.  If a VP/ix process tries to delete or alter any of the Xenix
files, it would be subject to standard Xenix file protection
mechanisms.  I never did try to perform any direct (via hardware) read
or writes on the hard disk, but I suspect that they would be stopped.
Can anyone confirm this?

One interesting side-effect of the way VP/ix works is that a
(ctrl-alt-del) reboot really works - and can, in fact, be used to
reboot from floppy.  The VP/ix session boots DOS, while leaving the
Xenix system quite intact.  Very disconcerting the first time it's
done.

Running a DOS emulator under UNIX (or Xenix), in my opinion, would be
a very expensive anti-virus tool.  To me, there are plenty of other
good reasons to run UNIX on a 386 or 486.

Ken
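To make the point above concrete: because the drive the DOS session sees is an ordinary image file, a tester can snapshot that file before running an untrusted program and compare it afterwards, and the "boot sector" and FATs are just the first few sectors of that file. The Python below is an added example, not code from VP/ix or from anyone in this thread; it builds a constructed FAT12-style image, decodes its BIOS Parameter Block, and reports which sectors differ between two snapshots.

```python
import struct

SECTOR = 512

def build_boot_sector(oem=b"VPIX    "):
    """Constructed, minimal FAT12-style boot sector (sample data for this
    example, not taken from any real VP/ix image). Only BPB fields are set."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xEB\x3C\x90"           # short jump over the BPB
    bs[3:11] = oem.ljust(8)[:8]         # OEM name
    # bytes/sector, sectors/cluster, reserved, FATs, root entries,
    # total sectors, media byte, sectors/FAT, sectors/track, heads
    struct.pack_into("<HBHBHHBHHH", bs, 11,
                     SECTOR, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    bs[510:512] = b"\x55\xAA"           # boot signature
    return bytes(bs)

def parse_boot_sector(image):
    """Decode the BIOS Parameter Block found in sector 0 of a disk image."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    f = struct.unpack_from("<HBHBHHBHHH", image, 11)
    return {
        "oem": image[3:11].decode("ascii", "replace").rstrip(),
        "bytes_per_sector": f[0],
        "sectors_per_cluster": f[1],
        "reserved_sectors": f[2],
        "fats": f[3],
        "root_entries": f[4],
        "total_sectors": f[5],
        "sectors_per_fat": f[7],
        "valid_signature": image[510:512] == b"\x55\xAA",
    }

def system_area_sectors(image):
    """Sectors covered by boot sector + FATs + root directory: the region a
    boot-sector or FAT infector would have to modify."""
    bpb = parse_boot_sector(image)
    root = (bpb["root_entries"] * 32 + SECTOR - 1) // SECTOR
    return bpb["reserved_sectors"] + bpb["fats"] * bpb["sectors_per_fat"] + root

def changed_sectors(before, after, limit=None):
    """Compare two image snapshots sector by sector and return the indices
    that differ; with limit set, only the first `limit` sectors are checked."""
    n = min(len(before), len(after)) // SECTOR
    if limit is not None:
        n = min(n, limit)
    return [i for i in range(n)
            if before[i*SECTOR:(i+1)*SECTOR] != after[i*SECTOR:(i+1)*SECTOR]]
```

Restricting the comparison to `system_area_sectors()` separates boot-sector and FAT changes from ordinary file writes in the data area.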

peter%ficc@uunet.UU.NET (Peter da Silva) (11/23/89)

In article <0004.8911212031.AA18181@ge.sei.cmu.edu> you write:
> peter%ficc@uunet.UU.NET (Peter da Silva) writes...
> >It's called "Merge 386" or "Vp/IX".

> >[Ed. These products, by the way, are DOS emulation boxes for i386
> >based UNIX and XENIX products.]

> Would someone elaborate on this?  Surely a program (virus or otherwise)
> running under the emulator could do the same things, including deleting all
> the files it can find, as on DOS.  What protection is provided?

DOS runs as a UNIX task subject to the UNIX protection mechanisms. In
particular, it does not have direct access to the hardware unless
deliberately configured that way, and it does not have permission
to write any files that a normal UNIX task could not write. There is
also no backdoor to the file system via any BIOS.

So it's not subject to infection by standard DOS virus techniques, and
even if the DOS emulator becomes infected the damage would be limited
to the DOS-accessible files in a single user's account.

It's also not possible to directly read or write the configuration files
from DOS, because they're owned by the superuser and protected from
writing.

Now it should be possible to write a virus that would deliberately infect
DOS under UNIX systems (by setting up a trojan horse, for example), but
this would be a second-level effect... and the number of such systems
is so much smaller than pure-DOS systems (a 386 box costs something like
5 times an XT) that it's not a very tempting target.

`-_-' Peter da Silva <peter@ficc.uu.net> <peter@sugar.lonestar.org>.
 'U`  --------------  +1 713 274 5180.
"The basic notion underlying USENET is the flame."
    -- Chuq Von Rospach, chuq@Apple.COM

kelly@uts.amdahl.com (Kelly Goen) (11/28/89)

Actually DOS/MERGE or VPIX is a somewhat cheap way to explore and test
viruses compared with the cost of some other environments that are
supposedly virus proof ... and you get unix to run along with
it!!! What a deal!! Actually, however, you do have to make sure you leave
the permissions pretty much as distributed, as Peter has pointed out...
if DOS programs are allowed to read and write normally (i.e. DOS) then
COM and EXE infectors can still infect...  INT 13 and other
skulduggery will be disallowed by the DOS-under-*nix environment (you
won't get much in the way of system damage but you can look at the damn
things somewhat safely...). I have done some experiments as to the
various possibilities for propagation and they do seem to be minimal
in this environment for general viruses (that does not preclude viruses
written to attack through 386 protected mode anomalies or COFF/*nix
based viruses.... (and no I don't want to start a flame war about
whether those are possible or not... I am not speaking theoretically
here...))
    As to the environment its GREAT!!
     cheers
     kelly
                                    Kelly Goen
                                    CSS Inc.

DISCLAIMER: I don't represent Amdahl Corp or Onsite consulting. Any
statements, opinions or additional data are solely my opinion and mine
alone...