On 10/23/07, Ben Goren <ben@trumpetpower.com> wrote:
quoted text
> But that's about it. I suppose running Windows virtual machines on
> a real OpenBSD  machine might ``have a lot  of security benefits''
> in some perverted sense of the words,  but it's not like the VM is
> magically going  to protect the virtual  machines or anything. And

That's why you use a virtual firewall with openbsd in front of it!!!</ducks>

quoted text
> if  the Windows  virtual machines  can still  talk to  the outside
> world  or to  each other  (via simulated  network interfaces,  for
> example), even those ``security benefits'' won't mean much.

Heh.  Read any of the recent advisories against vmware?  Real world
exploits are already out there.  AIUI, to fix the current set of
problems, you basically have to turn off vmware tools.

Right now, you do have to attack the guest before you can get to the
host, but I'm sure there's a malicious packet out there, somewhere,
that can tickle the system just right, and skip past all that straight
into the host.


</ducks>If you do take that as the gospel truth, please, at least, buy
the freaking CD, yeah?
-- 
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.