WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

from [Anthony Liguori] [Permanent Link][Original]
To: Adam Heath <doogie@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Fri, 04 Mar 2005 13:54:02 -0600
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxxx>, Bastian Blank <waldi@xxxxxxxxxx>
Delivery-date: Fri, 04 Mar 2005 19:49:59 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0503041334030.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: IBM
References: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1109962904.2746.12.camel@localhost> <Pine.LNX.4.58.0503041334030.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx 
On Fri, 2005-03-04 at 13:35, Adam Heath wrote:

> Once the xen packages are accepted out of debian's incoming queue, I can be
> assured of having this bug filed, and it being tagged security.  It *is* a
> problem.  Saying it wasn't designed with this in mind doesn't make it a
> non-issue.

I'm not saying it's a non-issue :-)  It's one of the reasons I'm working
on VM-Tools.  Security is not something you can just retro-fit into
something.  It has to be designed in from the beginning.

That said, I don't think Xend not being secure on a hostile dom0 is a
bug per-say.  Really, having a hostile dom0 is putting an awful lot of
faith in the Linux syscall interface.

Remember, dom0 is a single point of failure.  If dom0 is compromised,
all of your VMs are.

We debated this previously with respect to boot loaders.  At the end of
the day, you just don't want any code running, no matter how restricted,
in dom0 that you don't trust.

Regards,

-- 
Anthony Liguori
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguori@xxxxxxxxxx
Phone: (512) 838-1208




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Adam Heath
Next by Date:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rich Persaud
Previous by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Adam Heath
Next by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rich Persaud
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy