On Wed, Apr 25, 2012 at 04:26:06PM -0700, Tyler Morgan wrote:

> On 4/25/2012 1:55 AM, Otto Moerbeek wrote:
> >On Wed, Apr 25, 2012 at 12:42:30AM -0500, Fernando Quintero wrote:
> >
> >>Hi all,
> >>
> >>I have a question:
> >>
> >>Is anyone working to make it possible to run OpenBSD on Amazon EC2?
> >>
> >>Now, it is possible to run NetBSD and FreeBSD, but I can not find much
> >>information about the progress of OpenBSD on this topic.
> >>
> >>Thanks in advance.
> >I don't think anybody is working on this.
> >
> >But there are several VPS companies around (arpnetworks.com is one)
> >that are OpenBSD friendly.
> >
> >*If* I want to run a VPS, I'd rather give my money to a small company
> >than some behemoth.
> >
> >But note that virtual systems have many drawbacks. Most importantly,
> >the security of OpenBSD (or any system run on a virtual system) is
> >bounded by the security of the VM implementation. It's another layer
> >that could cause security problems.
> >
> >	-Otto
> >
>
> Couldn't be timed better, VMWare confirms ESX source code leak:
>
> http://blogs.vmware.com/security/2012/04/vmware-security-note.html
>
> I'm sure hypervisor->guest VM exploits exist already, and hopefully
> this will lead to more, because it is nearly unaddressed in all the
> virtual computing I work with.
>
> --

In an ideal world, availability of source code should not matter.

Most interesting exploits are probably guest1 -> hypervisor (and then
-> guest2).

I refuse to believe that the glued-on hardware support for
virtualization on modern i386/amd64 processors has a real value wrt
security. This kind of thing can only be done right if it's done from
the start when designing the processor architecture.

	-Otto