Patrick Mauritz wrote:
> > Speaking of VMWare, has anyone realized that all the kernel-level code
> > for VMWare is (and has to be) open-source? And it's quite well documented
> There are hooks to push kernel code from userspace into that module to
> "protect IP", IIRC. This, of course, is a big security flaw.

Much agreed. A lot of code needs to be in the VM monitor. One way
around exposing this code (for closed-source reasons) is to have
a kernel-level wrapper which maps the VM monitor from user space
into the VM monitor kernel space, where it has ultimate control
of the computer.

If source code for the wrapper is available, it means nothing.
The VM monitor code (which is running on your machine at ring0)
is not visible as source.

This means the security of your computer has been dumbed down
from the usual Linux quality (which benefits from many developers'
eyes peering at the code), to that of some unknown binary code
running at ring0, all for the sake of closed-source.

-Kevin