> On 27 Sep 2015, at 22:57, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
> 
>>> On 27 Sep 2015, at 22:38, Eric Furman <ericfur...@fastmail.net> wrote:
>>> 
>>> You really don't get it. Running OpenBSD in a VM gives you no
>>> security benefits of OpenBSD. Your base security will be your
>>> host, in this case FreeBSD. And on top of that you are running
>>> a very complex piece of software, the VM. Who knows what
>>> security holes are in it.
>> 
>> 
>> I do get it. I guess you wrote this before reading my last reply. That
>> explains the situation.
>> 
>> Yes, the base security will be my host. Putting an OpenBSD VM on there
>> does not (IMHO) significantly decrease the security of that host. I
>> agree that it is adding complexities and there could be potentially
>> unforeseen security issues due to the combination. e.g. something like
>> OpenBSD's ability to generate random numbers could somehow be
>> affected by the underlying VM that would not be present on bare metal.
> 
> Any additional code you run, beyond the minimum, increases your exposure

Indeed. Which is why you are typing this on a typewriter, right? I mean, I 
don’t know what editor you use, emacs, vi, mg, whatever… but that is additional 
code right? That has increased your attack surface. But you deem that an 
appropriate compromise to absolute security as you want features and convenience.

> You are so clueless.  It's amazing.


No. The fact that I have tried an experiment and have a setup that has 
different priorities on its requirements to someone else’s setup or 
requirements is not clueless. It is different. OpenBSD just does not offer the 
functionality (e.g. a large, redundant filesystem, à la ZFS) I need to get the 
job I want to do done on its own. So I need additional software to achieve 
that. End of story. Yes it is a larger attack surface, yes it is added 
complexity. I fully understand that. But I need additional software to achieve 
my end goals.

This thread started with someone who is starting to learn and wanted to know 
which OS, OpenBSD or FreeBSD, would be best for their requirements. I don’t feel 
putting forward an idea that you could run OpenBSD as a VM and have both is so 
unreasonable.

-Matt

— 
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE

Quernus Ltd is a company registered in England and Wales. Registered number: 
09076246
