At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
> > Anything we can do to increase security, *including* setting up VMs (of
That depends on your viewpoint. There certainly may be some issues at the
OS level (which have been mentioned previously), however the majority of VM
applications benefit from security *isolation*, which has nothing to do
with security issues of the underlying OS, and that was the viewpoint I was
communicating.
For example, say you have three departments within a company: Marketing,
Development, Production. Allowing each department to maintain their own
server instance allows each department to have their own users, home
directory configuration, samba (possibly) network config & authorization,
separate file/print sharing domain, etc.
That is simple not doable with a single OS, yet with a reasonable priced of
h/w all can be maintained on one platform.
The security benefits are at the application level, *NOT* at the OS level.
>If people were saying:
Perhaps more correctly:
"Yes, it increased hardware utilization, and it improves
security/isolation between different work domains"
However few outside this community would have any comprehension of the
difference.
Lee
