|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] [PATCH 3 of 7] xen: allows more hypercalls from stubdoms
On 12/10/2009 19:19, "Samuel Thibault" <samuel.thibault@xxxxxxxxxxxx> wrote:
>> BTW: it cannot be worse than opening /dev/mem O_RDWR in qemu-xen, that
>> is exactly what happens at the moment.
>
> Sure, but the difference is that qemu-xen is known to be run as root
> in dom0, while allowing things from the hypervisor potentially hides
> security leaks in its source code.
Also, one of the advantages of stubdom is supposed to be that it contains
qemu's large attack surface within a deprivileged environment.
The hard thing about passthru in a stubdom is that every relevant hypercall
really needs to be audited and potentially redesigned so that it all works
but according to principle of least privilege.
The alternative is rather undesirable, but perhaps acceptable if we make
that choice with our eyes open to it.
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|