10.10.2013 17:44, Richard W.M. Jones wrote:
> In Fedora we have had /dev/kvm mode 0666 for years. It was changed that way in July 2009. There has never been a security problem attributable to this.
This is plain wrong. Here's a very recent example: http://www.openwall.com/lists/oss-security/2013/08/26/3
> There is no problem with having any user create a VM. Virtual machines are regular processes, subject to all the usual ulimits. They use regular malloc'd memory.
That's right, except that /dev/kvm is also kvm.ko with their own set of controls and bugs like the above. And this is what the whole thing is about, -- additional security holes due to access to /dev/kvm.

/mjt