WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Using Xen as a jail for malicious code

from [Mark Williamson] [Permanent Link][Original]
To: Florian Weimer <fw@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] Using Xen as a jail for malicious code
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Tue, 25 Oct 2005 20:49:40 +0100
Cc: Rob Renaud <rrenaud@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 25 Oct 2005 19:48:01 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <87fyqpwfb3.fsf@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <a5d9c4580510221804h1a6d0ad8wb395f66d49a09f49@xxxxxxxxxxxxxx> <200510231237.02074.mark.williamson@xxxxxxxxxxxx> <87fyqpwfb3.fsf@xxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.3 
> > That's what it was originally created for: containment of arbitrary
> > untrusted code submitted to a Xenoserver (Xenoservers project described:
> > http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).
>
> What about the rogue DMA problem mentioned in some of the papers?
> Has this been addressed?

Rogue DMAs was only a problem if domains have access to real devices - for 
unprivileged domains (the norm) which just have virtual devices it's never 
been an issue.

Conversely, domains which do have real device access must always be considered 
privileged, due to limitations of current hardware.  Usually that's just 
dom0, though, unless you've got a really advanced setup.

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Using Xen as a jail for malicious code, Florian Weimer
Next by Date:  Re: [Xen-users] Pacifica/VT, Mogens Valentin
Previous by Thread:  Re: [Xen-users] Using Xen as a jail for malicious code, Florian Weimer
Next by Thread:  [Xen-users] xensv web page displaying what it should, Jim Houchin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy