Re: Sun M-class hardware denial of service

[Theo de Raadt <deraadt () cvs openbsd org>]

> and apparently you cannot read the whole message - I said "too bad if
> OpenBSD cannot do this"...
>
> > If you put someone running OpenBSD into a zone, and that zone locks up
> > completely and cannot be reset because of a flaw Sun has now admitted,
> > then if you NEED that zone back, you have to power the machine down.
>
> are you talking hardware zone or a Solaris zone?  You are being sloppy
> with your terminology.

OpenBSD of course cannot run in a Solaris zone.

OpenBSD can run in a hardware zone, and when something it does (which
we don't know yet) locks up that hardware zone, the only way to get
the hardware zone back is to POWER THE MACHINE OFF.  That is a lack
of hardware zoning, or isolation.  That is not what people paid a lot
of money for.

Those customers really expected that the machine would not need a
powerdown to get around a bug in hardware zones.

> > If you don't understand that, you must be really really stupid.
>
> Here we go again - any time anyone disagrees with you they are too
> stupid to see.  Sorry, I don't buy it.  You are just trying to beat
> something up.

Sun and Fujitsu will be releasing a fix eventually.

> > You want to talk about trust?  The entire idea is that you could
> > TRUST the zones to do their job.
> >  
>
> Do you have any evidence to the contrary that a solaris zone cannot
> prevent random kernel modules being loaded?

Noone is talking about Solaris zones except you.  This problem takes
a hardware zone down, and the only way to get the zone back is to power
the machine off.

> If you don't then you are
> just spreading FUD.

Why don't we wait for Sun to release the fix, and then you can eat
your words.