←back to thread

We clone a running VM in 2 seconds (2022)

(codesandbox.io)
169 points hunvreus | 1 comments | 08 Apr 25 14:55 UTC | HN request time: 0.201s | source
Show context
londons_explore ◴[11 Apr 25 14:08 UTC] No.43653973[source]
Unmentioned: there are serious security issues with memory cloning code not designed for it.

For example, an SSL library might have pre-calculated the random nonce for the next incoming SSL connection.

If you clone the VM containing a process using that library, now both child VM's will use the same nonce. Some crypto is 100% broken open if a nonce is reused.

replies(7): >>43654026 #>>43654396 #>>43654513 #>>43654702 #>>43654894 #>>43655157 #>>43657321 #
1. CompuIves ◴[11 Apr 25 15:45 UTC] No.43655157[source]
Yes, that's right. The Firecracker team has written a fantastic doc about this as well: https://github.com/firecracker-microvm/firecracker/blob/main....

It's important to refresh entropy immediately after clone. Still, there can be code that didn't assume it could be cloned (even though there's always been `fork`, of course). Because of this, we don't live clone across workspaces for unlisted/private sandboxes and limit the use case to dev envs where no secrets are stored.