2010/1/13 Ciprian Dorin, Craciun <ciprian.crac...@gmail.com>: >> 3.) Many of the benefits you gain by running a stable and secure >> operating system like OpenBSD are lost when you run it as a "guest" on >> top of some other insecure "host" operating system. > > This is only true if either: > * there is a security bug in the virtualization software (highly > improbable, and maybe easibly fixed);
http://taviso.decsystem.org/virtsec.pdf "No virtual machine tested was robust enough to withstand the testing procedure used, and multiple exploitable flaws were presented that could allow an attacker restricted to a virtualised environment to reliably escape onto the host system." http://www.vmware.com/security/advisories/VMSA-2009-0006.html "A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host." http://www.vmware.com/security/advisories/VMSA-2008-0019.html "A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory." Shane