Theo de Raadt discourages VirtualBox usage..

Discussions about using non Windows and Linux guests such as FreeBSD, DOS, OS/2, OpenBSD, etc.

Theo de Raadt discourages VirtualBox usage..

Postby Unixfan » 8. Mar 2008, 01:33

Theo de Raadt wrote:A few of us just spent some time again debugging an application level
problem ... and once again realized that the application was running
on OpenBSD inside the Innobox's VirtualBox VM.


Sun owns InnoTek now because I think they wanted a VM product, but
the product is badly broken.

When that VM is running, we end up with bugs that make it quite
clear that cpu registers are being corrupted in some instances.

We don't know how other operating system products continue running
when the userland ecx register gets clobbered on a return from a page
fault, but at least people should be aware that there is likely some
security risk from running that product.

That VM does not emulate the x86 correctly, (either).

As mentioned by Theo, VirtualBox is a pathetic excuse for x86 Virtualization (Which is in itself pathetic..).

Heed his advice and discontinue usage of VirtualBox until the developers create a better product.

Sleep well.. 8)
Posts: 1
Joined: 8. Mar 2008, 01:28

Postby Technologov » 8. Mar 2008, 12:43

Well, Theo's wording are a bit overkill...

But I agree that there are bugs in every virtualization product, and VirtualBox is no exception.

However, this does _not_ mean, that I will stop using virtualization in general, rather it means that the technology needs to be improved.

I would be glad to see Theo helping with those issues.

Here is the full story: ... 07184.html

Posts: 3251
Joined: 10. May 2007, 16:59
Location: Israel

Postby S.SubZero » 9. Mar 2008, 17:40

Theo said on that link.. wrote:This massive move towards VM use is a worrying trend and I am scared
of the side effects we will face from so many people (essentially)
choosing to run 3 operating systems instead of 1 ... and doing this
when their guest choice is 'OpenBSD for security'. I really wonder
how people arrive at such a position... without logic or technological
understanding, I suppose.

One one hand, the documentation for VBox clearly shows FreeBSD as the only supported BSD, and only having "limited support". Outside of the supported guest OS's is strictly "your mileage may vary" territory, and people should be more clearly indicating they are using virtualization when submitting bug reports.

On the other hand, Theo needs to stop worrying so much. Virtualization isn't going away, and it's a trend that needs to be adopted and accounted for, not whined about. It's a golden opportunity to attract users who may have not wanted to make the hardware investment to throw BSD on a dedicated rig but now can try it out with no commitment. OMG VIRTUALIZATION IS SCARY isn't the right way to approach it.
Posts: 123
Joined: 5. Oct 2007, 21:30

Re: Theo de Raadt discourages VirtualBox usage..

Postby Guest » 8. May 2008, 20:04

Unixfan wrote:[snip]

Heed his advice and discontinue usage of VirtualBox until the developers create a better product.

Sleep well.. 8)
THAT is the completely wrong approach to resolving development and application issues for Open Source Software(OSS). ...

In truth, just the opposite needs to be done. OSS depends on the community eyes to see the bugs. For "OSS" the so-called "developers" are the users too.
I have confidence that not only will they provide 64-bit support but that the product will improve generally this year. That won't happen if end-users suddenly stop using SVB and do not provide feedback.

Postby Entity » 9. May 2008, 07:53

That guy has always been too talkative.

Maybe he should spend less time criticizing (or blaming) VirtualBox and Linux, and more improving his OS.
Posts: 100
Joined: 31. Dec 2007, 19:28
Primary OS: Mandriva
VBox Version: PUEL
Guest OSses: xp,mandriva,ubuntu,vista,7

Postby Z_God » 18. May 2008, 00:03

Let's hope the developers will be able to solve the issues Theo is seeing. Seeing OpenBSD track record with security, I guess that remark is also true.

It may well be possible that VirtualBox leaks information (either from hosts to guests or maybe from guests to applications on the host) when information is left into certain registers.
Posts: 10
Joined: 24. Dec 2007, 12:57
Location: Netherlands

Return to Other Guests

Who is online

Users browsing this forum: No registered users and 10 guests