Gabriel Ambuehl <[EMAIL PROTECTED]> wrote:
> Johannes Hofmann wrote:
> 
>>I don't understand what this has to do with Xen or similar approaches. 
>>Every process has its own address space anyway. And if there 
>>are local root exploits, they need to be fixed, just as security flaws 
>>that might exist in Xen or whatever. Just the fact that Xen enables you 
>>to run several operating system instances does not increase security. 
> Auditing the IIRC about 50K code in Xen is much easier than auditing a
> whole system, don't you think? More lines of defense generally don't
> hurt (you don't claim chroot to be bad do you? In some ways, VMs can be
> viewed as the extensions of those and of course, virtual hosting with
> root access is quite widely offered).

Yes, the code size argument is quite valid. On the other hand, it should
be possible to have a small, well audited kernel and other non-security
relevant parts in a single operating system as well. Think of userland 
filesystem implementations.
 
> And the fact that you can migrate Xen VMs on the fly is particularly
> important in some areas.

Yes, Xen is a cool thing. Especially the migration stuff sounds 
interesting. I just do not believe in the increased security.
If we followed that approach, we could add even more layers of 
virtualization for even better security. But this just adds more code and
bugs. 
