Home » Mailing list archives » openbsd-misc » 2007 » October » 24

Re: About Xen: maybe a reiterative question but ..

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: L. V. Lammert <lvl@...>
To: Misc-Openbsd Listserv <misc@...>
Subject: Re: About Xen: maybe a reiterative question but ..
Date: Wednesday, October 24, 2007 - 4:48 pm

On Wed, 24 Oct 2007, Theo de Raadt wrote:


> > At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:


Huh? What does circular logic have to do with a simple statement? Running

different application domains on separate VMs provides isolation BETWEEN

those application domains. That's security by anyone's definition.


The fact is that the OS level security is *separate*, and could be an

issue has nothing to do with the point I'm making.


What if the client OS were Windoze? The security of that OS is crap, and

we all know it. Any sane sysadmin will have a good firewall in front of

that machine, whether it's running in a VM or on separate hardware.


What if the client OS were Linux with AppArmor? SE Linux is a BIG

improvement over regular Linux, and WAY more secure than ANY product from

Redmond.


Certainly there is a small, compount risk increase due to multiple OS

images involved, but the OS images must be analyzed independently FIRST,

and THOSE risks addressed.


**IF** OBSD were available as a host OS, that would be good security. If

not, then security issues compound due to multiple guest OSs and each set

of inherent vulnerabilities.


No matter how you twist the logic, however, a VM provides a good level of

application domain security, from the standpoint that each set of domain

users and applications can only see the services provided within that

domain guest OS.


	Lee


================================================

  Leland V. Lammert            lvl@omnitec.net

    Chief Scientist     Omnitec Corporation

 Network/Internet Consultants   www.omnitec.net

================================================
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:18 am)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:31 am)
Re: About Xen: maybe a reiterative question but .., Dave Anderson, (Wed Oct 24, 11:45 am)
Re: About Xen: maybe a reiterative question but .., Lars Hansson, (Thu Oct 25, 12:50 am)
Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 11:12 am)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:48 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:03 pm)
Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 2:41 pm)
Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 3:27 pm)
Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:16 pm)
Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 4:37 pm)
Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 9:46 pm)
Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 4:48 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 3:46 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:31 pm)
Re: About Xen: maybe a reiterative question but .., Kevin Stam, (Wed Oct 24, 5:04 pm)
Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 2:14 am)
Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:28 am)
Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:37 am)
Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:16 am)
Re: About Xen: maybe a reiterative question but .., , (Thu Oct 25, 2:36 pm)
Hardware support for secure virtualization (was: About Xen: ..., Rodrigo V. Raimundo, (Thu Oct 25, 6:50 am)
Re: Hardware support for secure virtualization (was: About X..., Stuart Henderson, (Thu Oct 25, 7:13 am)
Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 4:00 am)
Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 4:06 am)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:41 pm)
Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 6:52 pm)
Re: About Xen: maybe a reiterative question but .., Daniel Ouellet, (Wed Oct 24, 5:19 pm)
Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 3:22 pm)
Re: About Xen: maybe a reiterative question but .., Matthew Weigel, (Wed Oct 24, 6:35 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:57 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:48 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:31 pm)
Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 5:59 pm)
Re: About Xen: maybe a reiterative question but .., Steve Shockley, (Wed Oct 24, 9:53 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 11:02 am)
Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 8:06 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:14 pm)
Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:01 pm)
Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Thu Oct 25, 10:30 am)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:11 pm)
Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 9:46 pm)
Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 9:51 pm)
Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:05 pm)
Re: About Xen: maybe a reiterative question but .., Tony Abernethy, (Wed Oct 24, 11:07 pm)
Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:04 am)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:09 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 10:01 pm)
Re: About Xen: maybe a reiterative question but .., Tom Van Looy, (Thu Oct 25, 12:54 pm)
Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Thu Oct 25, 4:36 pm)
Re: About Xen: maybe a reiterative question but .., Matt Rowley, (Fri Oct 26, 8:34 am)
Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Fri Oct 26, 1:23 pm)
Re: About Xen: maybe a reiterative question but .. , Jeremy Huiskamp, (Wed Oct 24, 7:52 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:27 pm)
Re: About Xen: maybe a reiterative question but .., Shawn K. Quinn, (Sun Oct 28, 2:29 pm)
Re: About Xen: maybe a reiterative question but .., bofh, (Sun Oct 28, 5:34 pm)
Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Sun Oct 28, 6:18 pm)
Re: About Xen: maybe a reiterative question but .., Nick Holland, (Sun Oct 28, 10:31 pm)
Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 8:43 am)
Re: About Xen: maybe a reiterative question but .., bofh, (Mon Oct 29, 9:11 am)
Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 4:26 pm)
Re: About Xen: maybe a reiterative question but .., Balázs, (Mon Oct 29, 11:56 pm)
Re: About Xen: maybe a reiterative question but .., Karsten McMinn, (Thu Oct 25, 12:15 am)
Re: About Xen: maybe a reiterative question but .. , Tony Abernethy, (Wed Oct 24, 6:27 pm)
Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 6:44 pm)
Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 8:43 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:20 pm)
Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 9:54 pm)
Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 9:57 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 10:06 am)
Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Thu Oct 25, 12:23 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 1:43 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:26 pm)
Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 5:26 pm)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 6:00 pm)
Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 6:14 pm)
Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 10:50 am)
Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:16 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 1:45 pm)
Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Wed Oct 24, 12:46 pm)
Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 12:59 pm)
Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 1:14 pm)
Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 3:39 pm)
Re: About Xen: maybe a reiterative question but .., Marc Espie, (Wed Oct 24, 1:44 pm)