Hi! The recently fixed security bug in XEN brought attention to XEN's security quality. MirageOS is primarily based on XEN but also a barebone/rumpkernel setup seems to be an option (I'm not sure how mature it is but I leave this aside for the purpose of this discussion). MirageOS on top of XEN segregates domains which--for instance--protects the actual application against potentially vulnerable device drivers. On the other hand this protection is not 100% (e.g. security bugs) and XEN's own complexity increases the attack vector theoretically. A barebone setup has a smaller footprint and smaller attack vector but no segregation (AFAIK). Which setup would you recommend from a security point of view?
Disclaimer: I don't have experience coding MirageOS but follow the project on a conceptual level. Regards, Stefan _______________________________________________ MirageOS-devel mailing list [email protected] http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
