Hi, Recently some Linux-based VPS servers that I have hosting on were cracked, with the servers' kernels removed and the servers rebooted - some even had the VPS data trashed.
This highlights some of the security vulnerabilities in Linux-based solutions and the fact that most OpenVZ servers uses older kernels in production doesn't help matters. It has also been a vision of mine to run OpenBSD-based VPS, though at this point the only way to achieve that is by true virtualization - hence, I would like to propose that we attempt to bring OpenVZ capabilities to the OpenBSD kernel. The biggest problems lie in allowing the kernel to be forked and virtual devices supplied to it, and allowing new instances of the kernel to be forked under the higher security levels. In fact, even allowing the kernel to be forked at all opens a can of worms security wise (recall the Blue Pill POC?). I am well aware of the bsd-mult project, however this focuses on single processes and is unsuitable for these purposes as it only creates a separate memory space and no additional virtual devices. I have created a list for discussing what needs to be done. You can access this list at http://groups.google.com/group/openbsd-virt - I hope to get some open dialog going on and possibly getting a project going. Thanks Regards -- Aaron Mason - Programmer, open source addict - Oh, why does everything I whip leave me?
