On 10/25/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> You're also a sysadm who refuses to read a paper written by a Google
> researcher, whose team found massive bugs in every VM.

That's not quite correct. Restating (yet) again:

1. Ormandy [1] states that Xen's design is congruent with good security
2. Ormandy doesn't actually demonstrate a DomU -> Dom0 escalation, and in fact, didn't test any HVMs at all.
3. Ormandy hypothesizes that based on Qemu flaws, there may be lurking issues. However, Qemu compromises != Xen HVM Qemu compromises

Furthermore:

1. Upstream patches already exist [2] in response to Ormandy's bug report [3]

Adam

[1] http://taviso.decsystem.org/virtsec.pdf
[2] https://launchpad.net/ubuntu/+source/xen-3.1/
[3] http://secunia.com/advisories/26986/

--
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu