Bugtraq mailing list archives
Re: Sun M-class hardware denial of service
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 10 Sep 2008 21:01:05 +0200
* Theo de Raadt:
> That is WRONG. The long-term uptime of all other domains on the machine is eventually impacted because the entire physical machine must, after a service call to Sun, eventually be powered down. Management eventually has to decide to impact the SLAs of all domains. That means that Sun's promise of isolation is bunk.

The recovery strategy leaves something to be desired, true. It's certainly a bug. I doubt it makes a difference whether it's labeled as a security bug or not. I don't want to downplay your frustration, but the pattern is fairly common: When someone tries to port a new operating system to some partitioning system, it's not totally unheard of that the new code takes down (parts of) the system beyond the assigned partition.

> How absolutely bizarre. Basically you spend half a million dollars on Sun hardware, and it isn't required to do this better than VMWare?

I think you've got it exactly backwards: you don't let non-trusted people run code on these machines because they are so expensive.

> If an OS running inside VMWare was able to cause a situation making it necessary to reboot the host environment and restart all VMWare instances, it would be considered a very serious and significant security problem for VMWare.

Are you sure about this? Separation of virtual machines as if they were real machines is not listed in the data sheet, and is not covered in the security-related part of their website, either. I'm sure they will fix bugs within their responsibility, but as a software vendor, they can only do so much about certain types of crasher bugs. I may have missed some promises, but I doubt they make any hard guarantees (like money-back if lack of separation is demonstrated).