The problem back then was that anyone with access to /dev/kvm could allocate an arbitrary amount of memory that could not be swapped out. Dead-easy DoS. Since... I don't remember when, years ago at least, memory used by kvm can be swapped out like all other memory, so it's in terms of DoS by memory allocation, it's no more dangerous than giving people access to run malloc. :)
You're also giving them access to execute certain cpu instructions they otherwise wouldn't be able to, but -- modulo whatever security bugs there might be, of course -- these aren't sensitive instructions (in the way they're exposed through the kvm interface, that is). KVM was designed to be safe to run this way. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/840925 Title: Please make /dev/kvm world-accessible in 45-qemu-kvm.rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/840925/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
