At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
> > Anything we can do to increase security, *including* setting up VMs (of

quoted text
> any

> > flavor) is an improvement [that also increased hardware utilization].

>

>This last sentence is such a lie.

That depends on your viewpoint. There certainly may be some issues at the

OS level (which have been mentioned previously), however the majority of VM

applications benefit from security *isolation*, which has nothing to do

with security issues of the underlying OS, and that was the viewpoint I was

communicating.
For example, say you have three departments within a company: Marketing,

Development, Production. Allowing each department to maintain their own

server instance allows each department to have their own users, home

directory configuration, samba (possibly) network config & authorization,

separate file/print sharing domain, etc.
That is simple not doable with a single OS, yet with a reasonable priced of

h/w all can be maintained on one platform.
The security benefits are at the application level, *NOT* at the OS level.
>If people were saying:

quoted text
>

>         "Yes, it increased hardware utilization, and the nasty

>         security impact might be low"

>

>it would be fine.

>

>But instead we have many uneducated people saying:

>

>        "Yes, it increased hardware utilization, and it improved security

> too".

>

>And that's complete and utter bullshit.

Perhaps more correctly:
         "Yes, it increased hardware utilization, and it improves

security/isolation between different work domains"
However few outside this community would have any comprehension of the

difference.
         Lee