login
Search
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
I thought it was obvious, .. but I know you have beter things on your mind.
I DO mind you liking my ass, however - ain't gonna happen.
> > **IF** OBSD were available as a host OS, that would be good security.
Believe what? OBSD is secure? I thought you were proud of the project?
Sheesh! If our leader doesn't believe OBSD is secure, we ALL better be
running for cover. Linux, anyone?
If you're saying that OBSD will never be modified to run AS a XEN
hypervisor, that's probably a true statement. No need to corrupt a decent
OS with GPL s/w.
> > If not, then security issues compound due to multiple guest OSs and
Sure they do. If I'm running Windoze as a guest OS, there are hundreds or
thousands of possible vulnerabilities. If I'm runng OBSD as a guest OS,
guess what (I hope you don't have to??) - few to none. There is no way to
'compound threat [interaction]', but that doesn't detract from the basic
truth - the lower the risk/number of vulnerabilities of the OS, the better
off you are. As a corollary, you might also say that there is no way to
improve the security of a server without improving the security of the OS.
> > No matter how you twist the logic, however, a VM provides a good level of
Huh?? Do you know what an application domain is? Guess not - here's a
definition:
Application + Users + Access Method = Application Domain
Examples: File/Print, httpd, DB, . . .
The more discrete the security model (i.e. File/Print users are not valid
on the httpd server) the better.
Lee
