Re: About Xen: maybe a reiterative question but ..

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Theo de Raadt <deraadt@...>

Cc: Misc-Openbsd Listserv <misc@...>

Subject: Re: About Xen: maybe a reiterative question but ..

Date: Wednesday, October 24, 2007 - 2:41 pm

At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:

quoted text> > Anything we can do to increase security, *including* setting up VMs (of 
> any
> > flavor) is an improvement [that also increased hardware utilization].
>
>This last sentence is such a lie.

That depends on your viewpoint. There certainly may be some issues at the 
OS level (which have been mentioned previously), however the majority of VM 
applications benefit from security *isolation*, which has nothing to do 
with security issues of the underlying OS, and that was the viewpoint I was 
communicating.

For example, say you have three departments within a company: Marketing, 
Development, Production. Allowing each department to maintain their own 
server instance allows each department to have their own users, home 
directory configuration, samba (possibly) network config & authorization, 
separate file/print sharing domain, etc.

That is simple not doable with a single OS, yet with a reasonable priced of 
h/w all can be maintained on one platform.

The security benefits are at the application level, *NOT* at the OS level.

quoted text>If people were saying:
>
>         "Yes, it increased hardware utilization, and the nasty
>         security impact might be low"
>
>it would be fine.
>
>But instead we have many uneducated people saying:
>
>        "Yes, it increased hardware utilization, and it improved security 
> too".
>
>And that's complete and utter bullshit.

Perhaps more correctly:

         "Yes, it increased hardware utilization, and it improves 
security/isolation between different work domains"

However few outside this community would have any comprehension of the 
difference.

         Lee

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:18 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:31 am)

Re: About Xen: maybe a reiterative question but .., Dave Anderson, (Wed Oct 24, 11:45 am)

Re: About Xen: maybe a reiterative question but .., Lars Hansson, (Thu Oct 25, 12:50 am)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 11:12 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:03 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 2:41 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 3:27 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:16 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 4:37 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 3:46 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:31 pm)

Re: About Xen: maybe a reiterative question but .., Kevin Stam, (Wed Oct 24, 5:04 pm)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 2:14 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:28 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:37 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:16 am)

Re: About Xen: maybe a reiterative question but .., , (Thu Oct 25, 2:36 pm)

Hardware support for secure virtualization (was: About Xen: ..., Rodrigo V. Raimundo, (Thu Oct 25, 6:50 am)

Re: Hardware support for secure virtualization (was: About X..., Stuart Henderson, (Thu Oct 25, 7:13 am)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 4:00 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 4:06 am)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:41 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 6:52 pm)

Re: About Xen: maybe a reiterative question but .., Daniel Ouellet, (Wed Oct 24, 5:19 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 3:22 pm)

Re: About Xen: maybe a reiterative question but .., Matthew Weigel, (Wed Oct 24, 6:35 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:31 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 5:59 pm)

Re: About Xen: maybe a reiterative question but .., Steve Shockley, (Wed Oct 24, 9:53 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 11:02 am)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 8:06 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:14 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Thu Oct 25, 10:30 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:11 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 9:51 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:05 pm)

Re: About Xen: maybe a reiterative question but .., Tony Abernethy, (Wed Oct 24, 11:07 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:04 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:09 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Tom Van Looy, (Thu Oct 25, 12:54 pm)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Thu Oct 25, 4:36 pm)

Re: About Xen: maybe a reiterative question but .., Matt Rowley, (Fri Oct 26, 8:34 am)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Fri Oct 26, 1:23 pm)

Re: About Xen: maybe a reiterative question but .. , Jeremy Huiskamp, (Wed Oct 24, 7:52 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:27 pm)

Re: About Xen: maybe a reiterative question but .., Shawn K. Quinn, (Sun Oct 28, 2:29 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Sun Oct 28, 5:34 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Sun Oct 28, 6:18 pm)

Re: About Xen: maybe a reiterative question but .., Nick Holland, (Sun Oct 28, 10:31 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 8:43 am)

Re: About Xen: maybe a reiterative question but .., bofh, (Mon Oct 29, 9:11 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 4:26 pm)

Re: About Xen: maybe a reiterative question but .., Balázs, (Mon Oct 29, 11:56 pm)

Re: About Xen: maybe a reiterative question but .., Karsten McMinn, (Thu Oct 25, 12:15 am)

Re: About Xen: maybe a reiterative question but .. , Tony Abernethy, (Wed Oct 24, 6:27 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 6:44 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 8:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:20 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 9:54 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 9:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 10:06 am)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Thu Oct 25, 12:23 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 1:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:26 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 5:26 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 6:00 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 6:14 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 10:50 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:16 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 1:45 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Wed Oct 24, 12:46 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 12:59 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 1:14 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 3:39 pm)

Re: About Xen: maybe a reiterative question but .., Marc Espie, (Wed Oct 24, 1:44 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Artem Bityutskiy	[PATCH 10/44 take 2] [UBI] debug unit implementation
Andrea Arcangeli	[PATCH 00 of 11] mmu notifier #v16
David Brown	Re: Linux 2.6.21-rc2
Ingo Molnar	[patch] softlockup watchdog: fix Xen bogosity
git:
Johannes Schindelin	Re: [PATCH 1/4] Move redo merge code in a function
Jeff Garzik	Re: cleaner/better zlib sources?
Nguyen Thai Ngoc Duy	Re: I don't want the .git directory next to my code.
Junio C Hamano	Re: [PATCH 2/2] git-gc: skip stashes when expiring reflogs
openbsd-misc:
David Higgs	Re: Using the C programming language
Chris Bullock	OpenBSD isakmpd and pf vs Cisco PIX or ASA
Chris S	Re: No text cursor on OpenBSD/i386 4.1
Richard Stallman	Real men don't attack straw men
linux-activists:
mgrjtb	GCC 2.2.2
Jojie R. T.	Re: SLS
Peter MacDonald	demand paging: proposal
C Wayne Huling	Re: Can males come from...

Latest forum posts


Battery Maximizer Software	9 hours ago	Linux kernel
windows folder creation surprise	10 hours ago	Windows
Problem in scim in Fedora 9	12 hours ago	Linux general
Firewall	1 day ago	OpenBSD
IP layer send packet	1 day ago	Linux kernel
dtrace for linux available	2 days ago	Linux kernel
Unable to mount ramdisk image using UBoot while upgrading to 2.6.15 kernel for a MPC8540 based target	2 days ago	Linux kernel
RealTek RTL8169 - can't connect	2 days ago	NetBSD
vsftpd Upload Problems	2 days ago	Linux general
creating con folder in desktop	3 days ago	Windows

Show all forums...

Colocation donated by:

Online users

Syndicate