Bugtraq mailing list archives

Re: Sun M-class hardware denial of service

From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Sun, 28 Sep 2008 08:14:16 -0600

How absolutely bizzare.  Basically you spend half a million dollars on
Sun hardware, and it isn't required to do this better than VMWare?


I think you've got it exactly backwards: you don't let non-trusted
people run code on these machines because they are so expensive.


Right, and even if you are forced to allow root access to someone who
is not well trusted then run them in a zone on the hardware domain -
that way they cannot load random kernel modules even if they have root
in the zone.

The bug is bad but there are workarounds available that make it very
difficult to exploit.


the only workaround is to buy a seperate machine for the other uses.

So you buy a machine that can be split up into different machines, and
guess what, you still have to buy extra ones because it doesn't
work.

You really do hold vendors to a really really low standard.

Current thread:

Re: Sun M-class hardware denial of service, (continued)
- - - Re: Sun M-class hardware denial of service Theo de Raadt (Sep 29)
    - Message not available
    - Re: Sun M-class hardware denial of service Brett Lymn (Sep 29)
    - Re: Sun M-class hardware denial of service Theo de Raadt (Sep 29)
    - Re: Sun M-class hardware denial of service Florian Weimer (Sep 29)
    - Re: Sun M-class hardware denial of service Theo de Raadt (Sep 29)
    - Re: Sun M-class hardware denial of service Florian Weimer (Sep 29)
    - Message not available
    - Re: Sun M-class hardware denial of service Brett Lymn (Sep 29)
    - Re: Sun M-class hardware denial of service Theo de Raadt (Sep 29)
    - Message not available
    - Re: Sun M-class hardware denial of service Brett Lymn (Sep 29)
    - Re: Sun M-class hardware denial of service Bob Beck (Sep 30)
    - Re: Sun M-class hardware denial of service Theo de Raadt (Sep 29)
    - Re: Sun M-class hardware denial of service Bob Beck (Sep 10)