WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] NFS and interface security

from [stevegt] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] NFS and interface security
From: stevegt@xxxxxxxxxxxxx
Date: Sat, 17 Jan 2004 08:04:41 -0800
Delivery-date: Sat, 17 Jan 2004 16:05:51 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.3.28i 
Two Xen features I like very much:

- Virtual domains can't see each others' traffic via 'tcpdump', which
  means that, for instance, guests using NFS root partitions are
  relatively isolated from each other on the wire.

- In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and
  expect it to route; i.e. virtual domains can't steal IP addresses.

Kudos to whoever made this work right.  Am I correct in my
interpretations here?  I.e. is this as secure as it looks?

There's a note in TODO that says "The current virtual firewall/router is
completely broken."  Is this still valid?

Steve
-- 
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@xxxxxxxxxxxxx 
http://www.stevegt.com -- http://Infrastructures.Org 


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Cannot open root device for dom0, Steven Hand
Next by Date:  Re: [Xen-devel] Cannot open root device for dom0, stevegt
Previous by Thread:  [Xen-devel] Xen and Xen, Latte
Next by Thread:  Re: [Xen-devel] NFS and interface security, Ian Pratt
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy