upvote
That is infuriating to read. I have been using virt-manager and sleeping soundly that it was a secure isolation level.

VM guests should be considered trusted? Are you kidding me? That’s my number one usage -to operate software I do not trust.

reply
This is a shockingly common sentiment in open-source maintainers, that all software on a machine should be trusted.

Just to name two recent (and thus inexcusable) examples on top of my head:

Systemd refused to fix a privilege escalation through their use of "less" for years because they argued any user getting to that point should be trusted. The real world doesn't work that way unfortunately. They relented when someone took the initiative to fill a CVE.

Caddy's admin interface is system-wide opened, any local user can inject configuration and take over everything. Doesn't have to be a local user; think of any service you run that can makes web requests on behalf of people (custom api endpoints, avatar fetching, etc), it can be used to take over Caddy.

reply