Local Zone Security

(OP)
Hi All,

A friend of mine has suggested recently that since the Solaris zone feature relies on software-level isolation (as opposed to hardware-level isolation, as with AIX LPARs), then it is theoretically possible to break out of the local zone to the global zone.

My question is: has anything like that ever been reported?
Has anyone ever managed to hack themselves out of the local zone?
Is it even realistically possible?

Thanx in advance for the enlightenment.

--

RE: Local Zone Security

Q1) Has it ever been reported?
  A1) I have never heard of a Solaris Zone being escaped from.

Q2) Has anyone managed to hack out of a local zone?
  A2) See A1.

Q3) Is it possible?
  A3) Possibly. Developers still can't write secure software (look at US-CERT vulnerabilities), so you think they can begin writing secure virtualization software?

If you are concerned, then use Logical Domains (similar to AIX DLPARs). As a side note, Solaris Zones are similar to AIX WPARs.

Or find yourself an old Sun Fire e2900 and use fault-isolated hard partitions, which are secure.

BTW, I think your friend reads too much Internet fluff.

RE: Local Zone Security

(OP)
Thanx blarneyme for your comments.

I must clear up one thing: I am very far from being paranoid about Solaris zones security, and in fact I'm very skeptical as to my friend's claims. Yet I wanted to ask the Forum if there has ever been any confirmed example of a zone break (which I doubted from the very beginning).

--
