On Tue, Dec 18, 2007 at 08:48:46PM +0100, ropers wrote:just to give you a crazy example what people/vendors think is a possible "security benefit": some people have the idea to use virtualization on a central monster firewall to segregate multiple departments on a single physical device. this "firewall virtualization" feature is supported by Cizzco-Eeeh and other vendors. this is just a scary useability feature to give the admin the opportunity to offload some work to customers/departments.. of course, it is a very bad idea from a security point of view; one example of VM vulnerability was given by my early vic(4) driver which caused segfaults of the GSX server host side. i think it is much better, if not doing it correctly by using distributed edge firewalls, to use pf anchors, tables, etc. to support multiple firewall operators. anyway, blah, there is a big controversy about VMs and Xen, but it could be at least useful for things like testing, development, and other edge cases. reyk
| Linus Torvalds | Linux 2.6.27 |
| Linus Torvalds | Linux 2.6.27-rc8 |
| Tejun Heo | [PATCHSET] FUSE: extend FUSE to support more operations |
| James Bottomley | Re: Integration of SCST in the mainstream Linux kernel |
git: | |
| Ken Pratt | pack operation is thrashing my server |
| Jakub Narebski | Re: VCS comparison table |
| H. Peter Anvin | Re: git versus CVS (versus bk) |
| Marco Costalba | [PATCH 11/11] Convert sha1_file.c to use decompress helpers |
| Richard Stallman | Real men don't attack straw men |
| Marcos Laufer | dmesg IBM x3650 OpenBSD 4.3 |
| Brian A. Seklecki | Re: GRE over IPsec |
| sonjaya | openvpn on openbsd 4.1 |
| Hugh Dickins | Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin" |
| Gilles Chanteperdrix | [PATCH] cs89x0: add support for i.MX31ADS ARM board |
| Denys Fedoryshchenko | thousands of classes, e1000 TX unit hang |
| Francois Romieu | Re: 8169 Intermittent ifup Failure Issue With RTL8102E Chipset in Intel's New D945... |
| Treason Uncloaked | 39 minutes ago | Linux kernel |
| Shared swap partition | 11 hours ago | Linux general |
| high memory | 2 days ago | Linux kernel |
| semaphore access speed | 2 days ago | Applications and Utilities |
| the kernel how to power off the machine | 2 days ago | Linux kernel |
| Easter Eggs in windows XP | 2 days ago | Windows |
| Root password | 2 days ago | Linux general |
| Where/when DNOTIFY is used? | 2 days ago | Linux kernel |
| How to convert Linux Kernel built-in module into a loadable module | 2 days ago | Linux kernel |
| Linux 2.6.24 and I/O schedulers | 2 days ago | Linux kernel |
