[Xen-devel] Re: Module loading in unpriveledged domains

To:	xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] Re: Module loading in unpriveledged domains
From:	Nuutti Kotivuori <naked@xxxxxx>
Date:	Tue, 23 Nov 2004 18:43:46 +0200
Cache-post-path:	aka.i.naked.iki.fi!unknown@xxxxxxxxxxxxxxxxxx
Cancel-lock:	sha1:PKvX7s4jws2CIDAj+zYIUlEjJH4=
Delivery-date:	Tue, 23 Nov 2004 16:46:43 +0000
Envelope-to:	xen+James.Bulpin@xxxxxxxxxxxx
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help:	<mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id:	List for Xen developers <xen-devel.lists.sourceforge.net>
List-post:	<mailto:xen-devel@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization:	Ye 'Ol Disorganized NNTPCache groupie
References:	<E1CWMBD-0005iA-00@xxxxxxxxxxxxxxxxx> <41A2980B.8090506@xxxxxxxxxxxxxxxx>
Sender:	xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent:	Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through Obscurity, linux)

David Hopwood wrote:
> True, unless there are bugs that cause different behaviour depending
> on whether a module is compiled-in or loaded (such as
> <http://lists.jammed.com/linux-security-module/2003/12/0012.html>).
> Nevertheless enabling loadable modules may allow a greater
> proportion of script kiddies to be capable of exploiting any given
> bug.
>
> This is all the same as in standard Linux, so perhaps I should have
> said: enable loadable modules iff you would do so in standard Linux.

That's a bit of an odd comment I think.

Enabling module loading has security implications for the actual Linux
system being exploited - eg. either the physical machine in a
standalone case, or a Xen guest virtual machine.

But the original question was not about the security of that machine,
but about the possibility of escalation of that exploin into other
Xen guests or the domain 0 on the same physical machine.

So for the escalation case, in both cases we are talking about a fully
exploited Xen guest virtual machine trying to break out of Xen
separation - and in that case, I don't see how module loading makes
any difference.

So the complete answer would be - yes, module loading in unpriviledged
domains has security implications in unpriviledged domains as much as
it has on standard Linux machines - but no, module loading in
unpriviledged domains has no security implications with regard to
other machines running on the same host, aside from those normally
incurred by Xen.

And I think the latter part of the answer was what the original poster
intended.

-- Naked

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] Re: Module loading in unpriveledged domains