This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: Module loading in unpriveledged domains

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: Module loading in unpriveledged domains
From: Nuutti Kotivuori <naked@xxxxxx>
Date: Fri, 26 Nov 2004 21:20:33 +0200
Cache-post-path: aka.i.naked.iki.fi!unknown@xxxxxxxxxxxxxxxxxx
Cancel-lock: sha1:/xwcRXUPY4KtTMLTbP3VVlTytmU=
Delivery-date: Sat, 27 Nov 2004 01:03:39 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: Ye 'Ol Disorganized NNTPCache groupie
References: <E1CWMBD-0005iA-00@xxxxxxxxxxxxxxxxx> <41A2980B.8090506@xxxxxxxxxxxxxxxx> <loom.20041123T094813-14@xxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through Obscurity, linux)
Scott Mohekey wrote:
> So from what I can gather, the user of an unpriveledged domain is
> entirely capable of destroying their own domain?. If this is the
> case, it is entirely acceptable. What I'm more concerned with
> however, is the impact one unpriveledged domain can have on
> another. I don't want one domain able to adversely affect other
> domains running on the node. I understand that the point of weakness
> for this is only xen itself which, being opensource and backed by a
> great community, I am more than comfortable with.

To say it simply:

Module loading _may_ help an attacker circumvent Linux security on the
unpriviledged domain to gain root on the unpriviledged domain. If the
attacker has already gained root access on the unpriviledged domain,
module loading has _no_ effect on trying to adversely affect other
domains running on the node.

So yes, that security is entirely up to Xen - and Xen security is
fundamentally a sound approach, but of course remains to be seen as
the deployment is not extensive.

-- Naked

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
Xen-devel mailing list