WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Live Migration Config

from [Alan Greenspan] [Permanent Link][Original]
To: <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Live Migration Config
From: "Alan Greenspan" <alan@xxxxxxxxxxx>
Date: Fri, 28 Oct 2005 15:24:53 -0400
Delivery-date: Fri, 28 Oct 2005 19:22:16 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
>You can't have dom0s on a hostile network if you want to prevent these "rogue
>>migrations".  Note that you can't force an outgoing migration from a node, so
>nobody can "steal" your running domUs.  However, if someone gets on a segment
>of network that can reach your dom0s they could send you some domUs of their
...
>own - shouldn't be a security issue (the domUs will still be isolated by Xen)
>but could get quite annoying ;-)
 
It's actually a huge security hole since a migrating domU carries its device mappings to the target machine.   Basically, you  could create domU, map one of its disks to say /dev/hdb, migrate it to a target machine and gain access to /dev/hdb on the target.   Same goes for any file used as a disk on the source/target dom0.
 
Minimally, Xen should implement a simple hosts.allow hosts.deny mechanism for migration so that a host can limit which other hosts can migrate in.   Relying on network isolation using a separate management network isn't always practical.
 
Alan

 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] dual vif per domain troubles, Patrick Deelman
Next by Date:  Re: [Xen-users] creating a domU with a particular UUID with xen-unstable, Anthony Liguori
Previous by Thread:  [Xen-users] Re: Live Migration Config, Charles Duffy
Next by Thread:  Re: [Xen-users] Live Migration Config, Anthony Liguori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy