Shawn WebbJul 10, 2017

That moment when someone markets their Xen-ified Linux-based operating system as secure: https://lwn.net/Articles/727425/

Folks, adding a hypervisor doesn't increase security--it does the opposite.

Show threadkaniiniJul 10, 2017
@lattera not exactly. hypervisors can increase overall security by containment of applications. the PS3's security model is a good example of this (except for the part where sony signed everything with the same nonce this making the whole thing pointless)
Show threadShawn WebbJul 10, 2017
@kaniini How does the hypervisor prevent the application from being exploited?
Show threadkaniini
@lattera it's not about prevention but mitigation: when the app is exploited they only get access to that single VM.
Jul 10, 2017 at 3:09pmWeb
Show threadShawn WebbJul 10, 2017
@kaniini In the immediate, sure...
Show threadkaniiniJul 10, 2017
@lattera in practice it could be good enough against 12 year olds with the latest 0day downloaded from some website
Show threadShawn WebbJul 10, 2017
@kaniini same with not running the horrible mess known as #Linux.
Show threadkaniiniJul 10, 2017
@lattera yeah? how is that libxo crap that juniper made you guys take panning out?
Show threadShawn WebbJul 10, 2017
@kaniini Pretty well. I hope FreeBSD integrates more utilities with it.