Re: About Xen: maybe a reiterative question but ..

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Theo de Raadt <deraadt@...>

Cc: Adam Getchell <adam.getchell@...>, Paul de Weerd <weerd@...>, L. V. Lammert <lvl@...>, Misc-Openbsd Listserv <misc@...>

Subject: Re: About Xen: maybe a reiterative question but ..

Date: Wednesday, October 24, 2007 - 1:14 pm

On Oct 24, 2007, at 10:59 AM, Theo de Raadt wrote:

quoted text> You don't
> build better security by building another gigantic layer.  That
> is obvious to anyone who actually works in the field.

Having worked in REAL VM :-) (IBM VM/ESA now z/VM) it isn't per se
about security like we mean security ... preventing cracking  
attempts ...
it is about isolation of processes. Isolation of processes does  
contribute
to security but it's not the only point of flexion.

In practice, mainframe VM varies greatly in security from installation
to installation ... the protection of processes from one another in the
VM operating system is as hardware/software perfect as the wit and
skill of humankind can provide ... but I've found VM installations with
accounts like USER passwd USER :-(

All things being equal, the safest base installations in the universe
would be those whose user instances were encased in some kind of
solid VM and whose base instance administrators were provided
with and followed best practices.

In re that "solid" VM ... As Theo pointed out the other day, the
Intel hardware support for virtualization is less than complete, i.e.,
less mature than the 35-year-old support for virtualization in the
IBM 370/390 architecture.

So we still gots a ways to go.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
jwoehr@absolute-performance.com
303-443-7000 ext. 527

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:18 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:31 am)

Re: About Xen: maybe a reiterative question but .., Dave Anderson, (Wed Oct 24, 11:45 am)

Re: About Xen: maybe a reiterative question but .., Lars Hansson, (Thu Oct 25, 12:50 am)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 11:12 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:03 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 2:41 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 3:27 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:16 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 4:37 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 3:46 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:31 pm)

Re: About Xen: maybe a reiterative question but .., Kevin Stam, (Wed Oct 24, 5:04 pm)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 2:14 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:28 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:37 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:16 am)

Re: About Xen: maybe a reiterative question but .., , (Thu Oct 25, 2:36 pm)

Hardware support for secure virtualization (was: About Xen: ..., Rodrigo V. Raimundo, (Thu Oct 25, 6:50 am)

Re: Hardware support for secure virtualization (was: About X..., Stuart Henderson, (Thu Oct 25, 7:13 am)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 4:00 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 4:06 am)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:41 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 6:52 pm)

Re: About Xen: maybe a reiterative question but .., Daniel Ouellet, (Wed Oct 24, 5:19 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 3:22 pm)

Re: About Xen: maybe a reiterative question but .., Matthew Weigel, (Wed Oct 24, 6:35 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:31 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 5:59 pm)

Re: About Xen: maybe a reiterative question but .., Steve Shockley, (Wed Oct 24, 9:53 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 11:02 am)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 8:06 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:14 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Thu Oct 25, 10:30 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:11 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 9:51 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:05 pm)

Re: About Xen: maybe a reiterative question but .., Tony Abernethy, (Wed Oct 24, 11:07 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:04 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:09 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Tom Van Looy, (Thu Oct 25, 12:54 pm)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Thu Oct 25, 4:36 pm)

Re: About Xen: maybe a reiterative question but .., Matt Rowley, (Fri Oct 26, 8:34 am)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Fri Oct 26, 1:23 pm)

Re: About Xen: maybe a reiterative question but .. , Jeremy Huiskamp, (Wed Oct 24, 7:52 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:27 pm)

Re: About Xen: maybe a reiterative question but .., Shawn K. Quinn, (Sun Oct 28, 2:29 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Sun Oct 28, 5:34 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Sun Oct 28, 6:18 pm)

Re: About Xen: maybe a reiterative question but .., Nick Holland, (Sun Oct 28, 10:31 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 8:43 am)

Re: About Xen: maybe a reiterative question but .., bofh, (Mon Oct 29, 9:11 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 4:26 pm)

Re: About Xen: maybe a reiterative question but .., Balázs, (Mon Oct 29, 11:56 pm)

Re: About Xen: maybe a reiterative question but .., Karsten McMinn, (Thu Oct 25, 12:15 am)

Re: About Xen: maybe a reiterative question but .. , Tony Abernethy, (Wed Oct 24, 6:27 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 6:44 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 8:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:20 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 9:54 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 9:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 10:06 am)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Thu Oct 25, 12:23 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 1:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:26 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 5:26 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 6:00 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 6:14 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 10:50 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:16 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 1:45 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Wed Oct 24, 12:46 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 12:59 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 1:14 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 3:39 pm)

Re: About Xen: maybe a reiterative question but .., Marc Espie, (Wed Oct 24, 1:44 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Andrew Morton	Re: 2.6.23-rc4-mm1
Rafael J. Wysocki	Re: Slow DOWN, please!!!
Artem Bityutskiy	Re: [RFC PATCH 05/26] UBIFS: add file-system build
git:
Benjamin Collins	Re: git-gui hangs on read
Jon Smirl	! [rejected] master -> master (non-fast forward)
Jakub Narebski	Re: Corruption: empty refs/heads in otherwise filled repo: cannot clone?
Johannes Schindelin	Re: [ANNOUNCE] GIT 1.5.4
openbsd-misc:
Mattieu Baptiste	Re: Real men don't attack straw men
Todd Pytel	IDE or SCSI virtual disks for VMWare image?
Douglas Maus	NFS mount by non-root
Joel Wiramu Pauling	Re: Suggested PF Setup when using BitTorrent?
linux-activists:
Stephen Tweedie	[ANSWER] Re: NR_INODE / NR_FILE
Bill Bogstad	Re: A question about ramdisks
Jim Winstead Jr.	FAQ - Where is it?
Steve M. Robbins	another adduser utility available

Latest forum posts


types of kernel	40 minutes ago	Linux kernel
magical mounts	17 hours ago	Linux kernel
Problem in scim in Fedora 9	18 hours ago	Linux general
The new Western Digital power saving drives	18 hours ago	Hardware
Battery Maximizer Software	1 day ago	Linux kernel
windows folder creation surprise	1 day ago	Windows
Firewall	2 days ago	OpenBSD
IP layer send packet	2 days ago	Linux kernel
dtrace for linux available	3 days ago	Linux kernel
Unable to mount ramdisk image using UBoot while upgrading to 2.6.15 kernel for a MPC8540 based target	3 days ago	Linux kernel

Show all forums...

Colocation donated by:

Online users

Syndicate