[Gllug] Security from scratch or just stick with Astaro?

Nix nix at esperi.org.uk
Fri Apr 11 07:03:16 UTC 2008


On 7 Apr 2008, Justin Perreault verbalised:

> On Sun, 2008-04-06 at 22:06 +0100, Chris Bell wrote:
>>    I would definitely agree with the advice not to use a virtual machine.
>
> What advice not to use a virtual machine?

The scaremongering advice not to use a VM because it might have a
security hole, given without considering the frequency of security holes
in any VMs in any way at all.

(Yes, it is theoretically less secure because packets must traverse the
VM and host on their way in. In practice? Not only have I had no
complaints, running firewalls on a VM is not uncommon and I've never
heard of anyone who kept their guest VMs up to date being compromised
because they're using a VM. user-mode-linux is particularly suitable
here because it's the *same code* as you're running on the host kernel
anyway, so the vulnerability surface doesn't increase much.

The surface for *bugs* certainly increases, because it *is* a different
architecture: I had some problems this week and last with UML
oversleeping when doing select()-based sleeps, throwing off DHCP lease
renewal. But that's my own fault for staying stubbornly on the bleeding
edge, really.)

> I am thinking there is a message I have missed. :(

It seems more like theoretical considerations than anything grounded in
reason to me.

-- 
`The rest is a tale of post and counter-post.' --- Ian Rawlings
                                                   describes USENET
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



