Page 1 of 1
Theo de Raadt discourages VirtualBox usage..
Posted: 8. Mar 2008, 01:33
by Unixfan
Theo de Raadt wrote:A few of us just spent some time again debugging an application level
problem ... and once again realized that the application was running
on OpenBSD inside the Innobox's VirtualBox VM.
Argh.
http://www.virtualbox.org/ticket/639
Sun owns InnoTek now because I think they wanted a VM product, but
the product is badly broken.
When that VM is running, we end up with bugs that make it quite
clear that cpu registers are being corrupted in some instances.
We don't know how other operating system products continue running
when the userland ecx register gets clobbered on a return from a page
fault, but at least people should be aware that there is likely some
security risk from running that product.
That VM does not emulate the x86 correctly, (either).
As mentioned by Theo, VirtualBox is a pathetic excuse for x86 Virtualization (
Which is in itself pathetic..).
Heed his advice and discontinue usage of VirtualBox until the developers create a better product.
Sleep well..
Posted: 8. Mar 2008, 12:43
by Technologov
Well, Theo's wording are a bit overkill...
But I agree that there are bugs in every virtualization product, and VirtualBox is no exception.
However, this does _not_ mean, that I will stop using virtualization in general, rather it means that the technology needs to be improved.
I would be glad to see Theo helping with those issues.
Here is the full story:
http://www.nabble.com/Bug-reports-regar ... 07184.html
-Technologov
Posted: 9. Mar 2008, 17:40
by S.SubZero
Theo said on that link.. wrote:This massive move towards VM use is a worrying trend and I am scared
of the side effects we will face from so many people (essentially)
choosing to run 3 operating systems instead of 1 ... and doing this
when their guest choice is 'OpenBSD for security'. I really wonder
how people arrive at such a position... without logic or technological
understanding, I suppose.
One one hand, the documentation for VBox clearly shows FreeBSD as the only supported BSD, and only having "limited support". Outside of the supported guest OS's is strictly "your mileage may vary" territory, and people should be more clearly indicating they are using virtualization when submitting bug reports.
On the other hand, Theo needs to stop worrying so much. Virtualization isn't going away, and it's a trend that needs to be adopted and accounted for, not whined about. It's a golden opportunity to attract users who may have not wanted to make the hardware investment to throw BSD on a dedicated rig but now can try it out with no commitment. OMG VIRTUALIZATION IS SCARY isn't the right way to approach it.
Re: Theo de Raadt discourages VirtualBox usage..
Posted: 8. May 2008, 20:04
by Guest
Unixfan wrote:[snip]
Heed his advice and discontinue usage of VirtualBox until the developers create a better product.
Sleep well..
THAT is the
completely wrong approach to resolving development and application issues for Open Source Software(OSS). ...
In truth, just the opposite needs to be done. OSS depends on the community eyes to see the bugs. For "OSS" the so-called "developers"
are the users too.
...
I have confidence that not only will they provide 64-bit support but that the product will improve generally
this year. That won't happen if end-users suddenly stop using SVB and do not provide feedback.
...
Posted: 9. May 2008, 07:53
by Entity
That guy has always been too talkative.
Maybe he should spend less time criticizing (or blaming) VirtualBox and Linux, and more improving his OS.
Posted: 18. May 2008, 00:03
by Z_God
Let's hope the developers will be able to solve the issues Theo is seeing. Seeing OpenBSD track record with security, I guess that remark is also true.
It may well be possible that VirtualBox leaks information (either from hosts to guests or maybe from guests to applications on the host) when information is left into certain registers.