On 9/18/09 9:32 AM, "Bill Holder" <hold...@us.ibm.com> wrote:
> That is indeed one important question, but there was another one, the > question of whether this was a denial of service attack exposure, which i > t > is not. I think that's a point of view question. If I am another user on the same VM system, happy within my cozy little class G box, and the hypervisor admin does something outside of my control to some OTHER user that causes CP to choke, then from the original user's perspective it IS a DOS attack because it's something that is out of my control, starves ME, and causes ME to choke without reason. An analagous parallel case in the distributed system world would be a ping flood attack on a network segment. The innocent get hurt along with the intended target by being starved of access to the network, and thus lose the ability to function according to design. >From the hypervisor admin's POV, then yeah, it's just doing what it's told to do. It's correct operation, working as documented. I think Bill Schuh and Marcy and myself are arguing for the former viewpoint. I think you and Adam are arguing from the latter view. > I'm not disagreeing that it would be nice if there were some sor > t > of "are you sure" safety net before the system proceeded to try to do > something suicidal, but that's a design and requirements question, not a > defect question. I think we're all in violent agreement on that point. Now, the question is what is the best way to put a safety on that gun?
