|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] Running workstation and firewall on the same hardware
On Tue, Aug 09 '05 at 10:37, Michal Ludvig wrote:
> Mark Williamson wrote:
>
> > the case of the firewall domain being compromised, however, a "sufficiently
> > clever" attacker can probably abuse the DMA engine of the network card to
> > "break out" of the domU.
>
> This is interesting. How robust is the isolation between domains and
> what are the possible risks?
I just skimmed through my mail-backlog today, but there was one post in
the recent days that summed up to:
"A domain with access to a PCI (bus)master device can abuse this
abilities to overwrite arbitrtary memmory locations"
So, after you owned the DomU that has controll of the network card, you
have to twaeke it into loading a new driver for the network card, that
abuses the PCI busmaster capabilities to overwrite some memory of the
supervisor to breake out of the DomU.
while this is known to be easy (for complicated values of easy) to do
with a firewire device/port I don't think you have anything to fear.
If I were to face a hacket that is able to do that (remotely), she has
much lowerhanging fruits to pick on the rest of my systems ;-)
> From what you wrote it seems that allowing domU access to the hardware
> is more risky than passing all packets to domU through dom0.
Yes and no. You'd have to studdy the PCI busmaster capabilities of your
networkcard to know for sure.
moving the hardware access to one domU has the advantage that you can
reboot the "driver domain" when required. But it's more complicated to
set up. Personaly I've never tried to do that. handling all hardware
access in dom0 was fine with me.
--
Goetz Bock (c) 2005 as blacknet.de - Munich - Germany /"\
IT Consultant Creative Commons secure mobile Linux everNETting \ /
X
ASCII Ribbon Campaign against HTML email & microsoft attachments / \
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|