Theo de Raadt about virtualisation

I wrote some months ago that the increase in security in virtualized environments is more a felt increase than a real one, as it would be foolish to assume that the hypervisor is a more stable, more secure or less bug-infested piece of software than other software of comparable size. It looks like I'm not the only one thinking this way (at least I've got this feeling when I look at the VMware madness raging in the industry). Theo de Raadt seems to look at virtualisation in a similar way. He stated in an article on the openbsd-misc mailing list:

You've been smoking something really mind altering, and I think you should share it. x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.

You can think what you want about Mr. de Raadt, but in most cases he has a point, although he should take some courses in “How to speak in a more diplomatic way” …