zlacker

Thread: "Qubes – Secure Desktop OS Using Security by Compartmentalization"
1. mrotte+Bl 2014-10-08 22:29:46
>>tete+(OP)
While I am all for virtualizing, it doesn't help security. It just moves the exploit from your OS into your hypervisor. Even worse, you add a whole new level of exploitable code.
2. vidarh+eo 2014-10-08 23:19:20
>>mrotte+Bl
That's nonsense. It doesn't automatically help security.

But compartmentalization does mean that barring a hypervisor exploit, each exploit can potentially be prevented from affecting more than a small part of the system.

I care a whole lot less if Chrome is exploited if it can't access my ssh keys, for example (not that I wouldn't still care, but the potential damage would be limited).
3. mrotte+oo 2014-10-08 23:21:37
>>vidarh+eo
Why don't you just use different user accounts and permissions? That way you don't have to trust extra code and can achieve the same goal.

Edit: But the way you talk to me, obviously I must be stupid.
4. csirac+iw 2014-10-09 02:04:54
>>mrotte+oo
I'd say the reasoning is that you then have to trust there are no privesc/bypass opportunities in your environment. Trusting that all your dbus/pulseaudio/network-manager/cups/fuse/display manager & friends aren't going to give your rogue chrome process on one account some kind of access to another (thanks to X11/XDMCP, they'll at least have keylogging) - that's a big surface area, as in: space is big. Really big. You just won't believe how vastly, hugely, mind-bogglingly big it is.

Compared to the few hundred lines in the hypervisor providing VM-level isolation you'd be a bit mad to say that these are equivalent means of isolation.
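The cross-account IPC surface csirac describes can be checked from the defender's side. The following is an added example, not code from the thread or from the Qubes project: it classifies a list of desktop unix-socket paths (X11 display, per-user D-Bus and PulseAudio sockets, assumed default locations) as reachable or not by an unrelated local UID, using only mode bits, and ships a constructed stand-in layout so it runs without a desktop session.

```python
import os
import stat
import tempfile

# Assumed defaults for a typical Linux desktop session (not from the thread).
DEFAULT_ENDPOINTS = [
    "/tmp/.X11-unix/X0",                      # X server, display :0
    f"/run/user/{os.getuid()}/bus",           # D-Bus session bus
    f"/run/user/{os.getuid()}/pulse/native",  # PulseAudio
]


def reachable_by_others(path, root="/"):
    """True if a process under an unrelated UID (sharing no group) could
    connect() to the socket at `path`: every directory below `root` on the
    way needs o+x, and the socket inode itself needs o+w. `root` is assumed
    traversable and is not inspected."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    cur = root
    for part in os.path.relpath(path, root).split(os.sep)[:-1]:
        cur = os.path.join(cur, part)
        if not os.stat(cur).st_mode & stat.S_IXOTH:
            return False  # e.g. /run/user/<uid> is normally 0700
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def audit(endpoints=DEFAULT_ENDPOINTS, root="/"):
    """Map each endpoint to 'shared', 'private' or 'absent'."""
    return {p: "absent" if not os.path.lexists(p)
            else "shared" if reachable_by_others(p, root) else "private"
            for p in endpoints}


def build_sample_layout():
    """Constructed stand-in for the real sockets (plain files carrying the
    same mode bits): a world-connectable X0 and a bus socket hidden behind
    a 0700 /run/user/1000. Returns (root, endpoint paths)."""
    base = tempfile.mkdtemp()
    for rel, mode in (("tmp", 0o755), ("tmp/.X11-unix", 0o1777), ("run", 0o755),
                      ("run/user", 0o755), ("run/user/1000", 0o700)):
        os.mkdir(os.path.join(base, rel)); os.chmod(os.path.join(base, rel), mode)
    socks = ["tmp/.X11-unix/X0", "run/user/1000/bus"]
    for rel in socks:
        p = os.path.join(base, rel); open(p, "w").close(); os.chmod(p, 0o777)
    return base, [os.path.join(base, r) for r in socks + ["run/user/1000/pulse/native"]]


if __name__ == "__main__":
    for path, state in audit().items():
        print(f"{state:8} {path}")
```

A "shared" verdict means the account boundary does not stop another local user from talking to that service; the check says nothing about what the service then authorises (X11 access control, D-Bus policy), which is the next thing to review.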
