At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
That depends on your viewpoint. There certainly may be some issues at the
OS level (which have been mentioned previously), however the majority of VM
applications benefit from security *isolation*, which has nothing to do
with security issues of the underlying OS, and that was the viewpoint I was
communicating.
For example, say you have three departments within a company: Marketing,
Development, Production. Allowing each department to maintain their own
server instance allows each department to have their own users, home
directory configuration, samba (possibly) network config & authorization,
separate file/print sharing domain, etc.
That is simply not doable with a single OS, yet with a reasonably priced piece of
h/w all can be maintained on one platform.
The security benefits are at the application level, *NOT* at the OS level.
Perhaps more correctly:
"Yes, it increased hardware utilization, and it improves
security/isolation between different work domains"
However, few outside this community would have any comprehension of the
difference.
Lee