On 26 April 2012 17:56, Otto Moerbeek <o...@drijf.net> wrote:
>
> In an ideal world, availability of source code should not matter.
>
> Most interesting exploits are probably guest1 -> hypervisor (and then
> -> guest2).
>
> I refuse to believe that the glued on hardware support for
> virtualization on modern i386/amd64 processors has a real value wrt
> security. This kind of thing can only be done right if it's done from
> the start when designing the processor architecture.

Yes, that's what I'm nervous about. Guest->Guest and Guest->Hypervisor(->Guest). Especially after Tavis Ormandy's paper from a while back...

http://taviso.decsystem.org/virtsec.pdf

And now, we have things like Vasto and vulnerabilities that have enabled the download of VMs to "steal the cloud".

Shane