At 12:01 PM 10/25/2007 +1000, Damien Miller wrote:
On Wed, 24 Oct 2007, L. V. Lammert wrote:
> I still stand by my original statement. Running application 'domains' in
> VMs instead of on a single server increases security.
It no worse security-wise to run applications on VMs rather than on the
one OS, but that isn't the only choice - is it?
Never said it was! The other choices were very well discussed.
You obviously didn't read Tavis' virtualisation security paper. VM escape
vulnerabilites are not theoretical. Tavis found vulnerabilities in every
VM he tested using only a couple of fuzzers.
Don't need to, because that was not the original question. I totally agree
with VM security issues, but, again, that was not the original question.
Please stop pretending that virtualisation is about security, it isn't.
The benefits are cost savings and decoupling applications from hardware.
Quite true! It is ALSO about application separation, the 'application
domains' that were summarized in another email.
Lee
