L. V. Lammert wrote:
The more discrete the security model (i.e. File/Print users are not valid on the httpd server) the better.

There's something I think you don't see here. Let's assume, for a moment, that you have a VM host running two guests, one OpenBSD, one Windows.

Now, the OpenBSD box is reasonably secure. The Windows box, perhaps, is not quite so secure.

An attacker compromises your Windows box. He discovers that the machine is running in a VM, and uses a vulnerability in the virtualization server to execute code on the host itself.

Now, he can edit the memory of the OpenBSD guest, read/copy the disk, whatever. Even encryption doesn't help; you can just read the keys out of RAM. The OpenBSD guest is completely compromised, without exploiting any vulnerability in OpenBSD itself.

Theo's point (I think) is that x86 virtualization is so hopelessly complex that there's no way a human could account for every possible attack. That's why x86 virtualization reduces security.

I use VMware all the time; I just don't pretend it's a way to increase security.
