ESX Server 3i: new architecture poses new security risks?

The new ESX Server 3i, which VMware will distribute starting in December 2007, is built on top of a new architecture that makes the well-known Service Console superfluous (a customized Red Hat Enterprise Linux distribution that also serves as the command line for interacting with the local environment).

But the fact that VMware marketing pushes ESX Server 3i as a prompt-less hypervisor doesn’t mean it really lacks a shell environment: Richard Garsthagen, Technical Marketing Manager at VMware, revealed how to reach the hidden command prompt in the new platform just a couple of days ago.

The small shell that replaces the Red Hat one wasn’t developed by VMware from scratch. It is the popular BusyBox, an open source project that combines several utilities in a single executable and is included in an endless list of well-known open source tools.

Designed for embedded systems and featuring a modular architecture, BusyBox is developed by a brilliant professional, Denis Vlasenko, and this is where the security issue lies: can VMware put the security of a mission-critical hypervisor in one man’s hands?

On top of that, VMware is currently using a very old version of BusyBox inside ESX Server 3i: 1.2.1, while the current version is 1.7.2. This is possibly because Denis Vlasenko doesn’t enforce the GPL2 license in BusyBox versions older than 1.2.2; enforcement would put VMware at risk of redistributing 3i under the GPL as well, depending on the platform architecture.

While BusyBox may be replaced in later betas of ESX Server 3i or before the RTM launch, its current presence is enough to start seeing host-level security issues as a more concrete thing.