At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
> Certainly there is a small, compount risk increase due to multiple OS
> images involved, but the OS images must be analyzed independently FIRST,
> and THOSE risks addressed.
Certainly you pulled that assesment out of your ass.
I thought it was obvious, .. but I know you have beter things on your mind.
I DO mind you liking my ass, however - ain't gonna happen.
> **IF** OBSD were available as a host OS, that would be good security.
You must be more qualified with regards to the actual code than I am
because I flat out don't believe this at all.
Believe what? OBSD is secure? I thought you were proud of the project?
Sheesh! If our leader doesn't believe OBSD is secure, we ALL better be
running for cover. Linux, anyone?
If you're saying that OBSD will never be modified to run AS a XEN
hypervisor, that's probably a true statement. No need to corrupt a decent
OS with GPL s/w.
> If not, then security issues compound due to multiple guest OSs and
each set
> of inherent vulnerabilities.
security issues and protections do not add up like numbers.
Sure they do. If I'm running Windoze as a guest OS, there are hundreds or
thousands of possible vulnerabilities. If I'm runng OBSD as a guest OS,
guess what (I hope you don't have to??) - few to none. There is no way to
'compound threat [interaction]', but that doesn't detract from the basic
truth - the lower the risk/number of vulnerabilities of the OS, the better
off you are. As a corollary, you might also say that there is no way to
improve the security of a server without improving the security of the OS.
> No matter how you twist the logic, however, a VM provides a good level of
> application domain security, from the standpoint that each set of domain
> users and applications can only see the services provided within that
> domain guest OS.
The phrase "application domain security" is a cover-up statement that
means "I have already decided to run the multiple things on one box
because I am cheap, and I need to invent reasons why I can continue
doing so".
Huh?? Do you know what an application domain is? Guess not - here's a
definition:
Application + Users + Access Method = Application Domain
Examples: File/Print, httpd, DB, . . .
The more discrete the security model (i.e. File/Print users are not valid
on the httpd server) the better.
Lee
