WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Xen Security

On 20 Jan 2005, at 11:00, Neugebauer, Rolf wrote:



-----Original Message-----
From: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:xen-devel-
admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Phillip Mumford
Sent: 19 January 2005 14:39
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Xen Security

Just a quick question regarding the security of a Xen host.

Are there any security implications I need to be aware of if I allow a
Xen-U host to use kernel modules?  I've mainly used UML in past, where
a user could easily read files on the host machines filesystem.

Is it safe to allow people to run with modules allowed?

Xen provides stronger isolation than UML and kernel modules in a VM
should only be able to compromise the resources that that VM has access
to (eg its filespace) but not other VMs

But to further prevent security issues inside that domain, disable if you can modules and, to some extent, sysctl support.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

<Prev in Thread] Current Thread [Next in Thread>