On Tue, 2008-11-11 at 22:40 +0000, Rob MacGregor wrote:
> Ok, you have to know what to look for, but dropping "theo
> virtualisation" into Google got:
> You may find them food for thought ;)
The premise that "All software has bugs, the hypervisor is software,
therefore the hypervisor has bugs" is valid. But not all bugs open holes
that can be exploited.
I (for one) like the fact that Theo is paranoid, his work has provided
many with needed security and good user experiences. However, you have
to take some things with a grain of salt. He anticipates and describes,
not documents a negative. But that's how research begins.
On the other side, one really does need to consider the possible scope
of damages should the worst happen. With a conventional setup, a
privilege issue in the kernel means only needing to patch and audit
servers running that version.
A vulnerability in the HV would multiply that * the # of guests + dom-0
per physical server. So in essence, using Xen gives you 1 * the number
of physical servers more to audit or restore in the worst case. I agree
that the potential risk is greater, but I think it gets blown out of
proportion by the media.
Another CVE like the vmsplice hole in Linux could ruin your day just as
badly, if not worse. Or the Debian SSH keygen issue that went undetected
for years. I agree that examining the HV for potential holes is needed
work, but I think many focus on it just to ride the hype.
Its an interesting discussion, nonetheless. I've been running Xen since
2.0.7, I've never had to panic. Its interesting (and yeah, a little
scary) to wait and see what if anything so many more eyes looking will
Xen-users mailing list