This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] NFS and interface security

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] NFS and interface security
From: stevegt@xxxxxxxxxxxxx
Date: Sat, 17 Jan 2004 08:04:41 -0800
Delivery-date: Sat, 17 Jan 2004 16:05:51 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.3.28i
Two Xen features I like very much:

- Virtual domains can't see each others' traffic via 'tcpdump', which
  means that, for instance, guests using NFS root partitions are
  relatively isolated from each other on the wire.

- In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and
  expect it to route; i.e. virtual domains can't steal IP addresses.

Kudos to whoever made this work right.  Am I correct in my
interpretations here?  I.e. is this as secure as it looks?

There's a note in TODO that says "The current virtual firewall/router is
completely broken."  Is this still valid?

Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
http://www.stevegt.com -- http://Infrastructures.Org 

The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>