
169 points hunvreus | 1 comments
londons_explore No.43653973
Unmentioned: there are serious security issues with memory cloning code not designed for it.

For example, an SSL library might have pre-calculated the random nonce for the next incoming SSL connection.

If you clone the VM containing a process using that library, now both child VMs will use the same nonce. Some crypto is 100% broken open if a nonce is reused.

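The failure described in the comment above, as an added example that is not part of the thread: a pool of pre-computed nonces is copied the way a memory snapshot would copy it, and two clones then hand out the same value. `SimulatedVM`, `NoncePool`, `restore_snapshot` and the `generation_id` field are hypothetical names; the mitigation assumes the hypervisor exposes an identifier that changes whenever the guest is cloned.

```python
import copy
import os


class SimulatedVM:
    """Stand-in for guest-visible state; generation_id models an ID the hypervisor changes on clone."""
    def __init__(self):
        self.generation_id = os.urandom(16)


class NoncePool:
    """Pre-computes nonces, as the hypothetical SSL library in the comment does."""
    def __init__(self, vm, clone_aware, size=4):
        self.vm = vm
        self.clone_aware = clone_aware
        self.size = size
        self._refill()

    def _refill(self):
        self.seen_generation = self.vm.generation_id
        self.cached = [os.urandom(12) for _ in range(self.size)]

    def next_nonce(self):
        # Mitigation: discard everything cached before the snapshot was taken.
        # A real guest can still be snapshotted between this check and the use
        # of the nonce, so the check narrows the window rather than closing it.
        stale = self.clone_aware and self.vm.generation_id != self.seen_generation
        if stale or not self.cached:
            self._refill()
        return self.cached.pop()


def restore_snapshot(pool):
    """Model a memory clone: identical process state, new generation ID."""
    clone = copy.deepcopy(pool)
    clone.vm.generation_id = os.urandom(16)
    return clone


def first_nonces_collide(clone_aware):
    parent = NoncePool(SimulatedVM(), clone_aware)
    child_a = restore_snapshot(parent)
    child_b = restore_snapshot(parent)
    return child_a.next_nonce() == child_b.next_nonce()


if __name__ == "__main__":
    print("naive pool, clones share a nonce:", first_nonces_collide(False))
    print("clone-aware pool, clones share a nonce:", first_nonces_collide(True))
```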
1. dietr1ch No.43657321
A neat use case for cloning is not truly duplicating a machine, but moving it from one machine that will go off to another one.

There are caveats in the network though, as packets targeting the old address need to be re-routed until all connections target the new machine.