On 10/23/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > Virtualization seems to have a lot of security benefits.
>
> You've been smoking something really mind altering, and I think you
> should share it.

Sure! Here's some research one of my colleagues (with whom I've discussed
this a lot) did on the topic last year.

http://shell.cse.ucdavis.edu/~bill/virt/virt.pdf

Ormandy's paper sure is interesting, though. Certainly adds new data.
Still, it seems that taking checksums from Dom0 against DomU, with other
security layers in front of the DomUs (including a good firewall) doesn't
hurt. Layers of defense and all that.

> x86 virtualization is about basically placing another nearly full
> kernel, full of new bugs, on top of a nasty x86 architecture which
> barely has correct page protection. Then running your operating
> system on the other side of this brand new pile of shit.

Security is really hard, no doubt about it. It just takes a bug in SSH or
IPv6 and you've got trouble. But in some cases, the issues can be salvaged
to some acceptable criterion, for some definition of acceptable for some
particular group. Or perhaps not. That's a risk-benefit analysis.

> You've seen something on the shelf, and it has all sorts of pretty
> colours, and you've bought it.
>
> That's all x86 virtualization is.

Well, I bought it because it's been working for me for the past few years,
and virtualization adds useful capabilities, with or without security
benefits, for my purposes.

You and the other OpenBSD developers have created an operating system that
suits your purposes, and you kindly share it with the rest of the world, no
strings attached. I'm grateful, and use OpenBSD extensively in ways that
work with the purposes for which you've developed it. (Basically, as much
as I can until I encounter some showstopping problem.) But eventually, I
find I need other tools for certain things -- parallel scientific
programming, SANs, running applications that don't have a snowball's chance
in hell of running on OpenBSD, writing applications using runtimes that
aren't supported well/at all on OpenBSD, etc. etc.

Since I can't run these things on OpenBSD, I will have to run them on
someone's buggy, barely correct, proprietary security-hole-ridden OS
anyway. And if I'm forced to do that, I'm going to use an architecture
that at least mitigates the common CIA issues as best as it can, given
those circumstances. And of course, continue to use OpenBSD wherever
appropriate, buy the OpenBSD project's CDs, encourage others at my
University to use it and do the same, and make donations whenever I can.

Adam

--
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu