Hi,
While I understand where you are coming from, personally I do not really view VMCI as a potential security issue.
Yes, it is a communication channel into the guest.
But the way to use that channel would basically require you to first compromise the host.
Once the host is compromised, all bets are off, and there are much easier ways to get anything with the guest than via the Virtual Machine Communication Interface.
Now there's also the possibility to use VMCI to communicate between guests, but that is not a default configuration. You have to edit the .vmx file in order to even enable that.
The only way to look at it as a potential security issue (at least in my view) is that you are looking at it from a "less is more" approach and a "defend in depth" position.
IOW, I agree with your view on "potential security issue", but more on a view of principles than on looking at it from a practical point of view. I do not remember that VMCI has ever been on a CVE, but that might change.
As such I understand VMware's choice to enable it by default and not provide a user interface option for it.
For advanced users such as yourself, there is always the possibility of a manual edit to the .vmx file.
There are a lot more things you can do there that are not exposed in a user interface.
--
Wil
| More info at vimalin.com | Twitter @wilva