On Tue, Dec 18, 2007 at 08:48:46PM +0100, ropers wrote:

quoted text
> The reason for the controversy appears to be that it's currently en

> vogue in some quarters (not here) to ascribe all kinds of benefits to

> virtualization, including security benefits -- which are very much not

> really there. Virtualization introduces more complexity, complexity is

> the enemy of real security. The "security benefits" that

> virtualization introduces are mostly administrative benefits that may

> make it easier to determine that your boxes were pwned by a sloppy

> attacker, but OpenBSD people prefer their boxes to be as pwnage-proof

> as humanely possible, ie. to make sure their boxes don't get pwned to

> start with. And that's much easier to do w/o virtualization. So

> whatever you do, don't cite security claims as reasons for

> OpenBSD/Xen, unless you fancy your OpenBSD "street cred" getting

> rather unceremoniously shredded into little itsy bitsy pieces.

>

> Hope this helps, thanks and regards,

> --ropers

> 

just to give you a crazy example what people/vendors think is a

possible "security benefit":
some people have the idea to use virtualization on a central monster

firewall to segregate multiple departments on a single physical

device. this "firewall virtualization" feature is supported by

Cizzco-Eeeh and other vendors. this is just a scary useability feature

to give the admin the opportunity to offload some work to

customers/departments..
of course, it is a very bad idea from a security point of view; one

example of VM vulnerability was given by my early vic(4) driver which

caused segfaults of the GSX server host side.
i think it is much better, if not doing it correctly by using

distributed edge firewalls, to use pf anchors, tables, etc. to support

multiple firewall operators.
anyway, blah, there is a big controversy about VMs and Xen, but it

could be at least useful for things like testing, development, and

other edge cases.
reyk