> You have failed to satisfactorily explain why running a specific application

It's that extra 4MB of poo code, that is what makes it more secure. It's slippery and sticky at the same time, so that the application attackers slip and slide and fall into the page boundaries.

If the actual hardware let us do more isolation than we do today, we would actually do it in our operating system. The problem is the hardware DOES NOT actually give us more isolation abilities, therefore the VM does not actually do anything what they say they do.

While x86 hardware has the same page-protection hardware that an IBM 390 architecture machine has, modern PC machines are a mess. They are architecturally so dirty, that parts of the video, keyboard, and other IO devices are interfaced with even to do simple things like context switching processes and handling interrupts.

Those of us who have experience with the gory bits of the x86 architecture can clearly say that we know what would be involved in virtualizing it, and if it was so simple, we would not still be fixing bugs in the exact same area in our operating system going on 12 years. We know what a VM operating system has to do to deal with the PC architecture. It is too complex to get perfectly right. And now you've entered into the layered approach where *any error* in the PC model exposed to the client operating system is not just a crashing bug -- it is now exploitable.

It might be nice, but it is stupid. And anyone who thinks there is any security advantage at any level knows nothing about PC architecture.
