At 01:58 PM 10/25/2007 -0600, Theo de Raadt wrote:
> Certainly! That is not the point, however. The point is that users of OTHER
> 'application domains' have better security with a VM (or one of the other
> approaches discussed) because THEIR environment has no ability to interact
^^^^^^^^^
How do you know these 'VM' environments provide that guarantee? You
don't. You don't know, and you are not even qualified in the least
to judge if they are able to guarantee that.
There are no guarantees in this world, .. I can just talk about experience.
No environment provides a guarantee, even OBSD. Track record and experience
are indicators of quality, not statements.
All I know is that if I am logged into a VM, I cannot see/view/do anything
with another VM (possible hacks aside). That is the security that
originally started this thread - I am in no position, nor are you, to speak
of guarantees, though you do, obviously, know much more than I do about
architectures and possible VM exploits.
Can you please stop talking like you know anything about how
secure products are built or judged?
I never did, .. and this thread has nothing to do with profects, how they
are built, nor how they are judged. I leave those tasks to the people like
yourself that know the internals, along with the respective histories.
The discussion WAS about security merits of VM configurations - the
structure itself has a number of security issues related to the guest/host
OS AND the VM manager, certainly, but the original point was that by
separating applications into separate machines (my suggestion was virtual,
however others made the point that physical may be more secure) there is a
significant security gain because each 'application domain' cannot interact
with another under normal circumstances. Additional benefits are reduced
cost, increased availability, increased flexibility and security
granularity [by application/server], reduced energy requirements, and
flexibility of configuration [of each machine].
Lee