xen-users

[Top] [All Lists]

Re: [Xen-users] Live Migration Config

from [Mark Williamson]

[Permanent Link][Original]

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] Live Migration Config
From:	Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date:	Sun, 30 Oct 2005 01:43:56 +0000
Cc:	Alan Greenspan <alan@xxxxxxxxxxx>
Delivery-date:	Sun, 30 Oct 2005 01:41:16 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<004001c5dbf5$45ccfe60$600318ac@xxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<004001c5dbf5$45ccfe60$600318ac@xxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	KMail/1.8.3

> It's actually a huge security hole since a migrating domU carries its
> device mappings to the target machine.   Basically, you  could create domU,
> map one of its disks to say /dev/hdb, migrate it to a target machine and
> gain access to /dev/hdb on the target.   Same goes for any file used as a
> disk on the source/target dom0.

Yeah OK, it's horrid actually :-)

Xend trusts anything the incoming config tells it...  Could get nasty very 
quickly from both security and DoS perspectives.

> Minimally, Xen should implement a simple hosts.allow hosts.deny mechanism
> for migration so that a host can limit which other hosts can migrate in.  
> Relying on network isolation using a separate management network isn't
> always practical.

True...  But it only really works if you're reasonably sure attackers can't 
get root on any system.  If you have virtual machines that could have been 
rooted by someone malicious they can still spoof IP addresses, sniff the 
contents of other domUs that are currently being migrated, etc.

At least using a separate virtual lan would be nice, but there should still be 
more support in Xend for a sanely secure mixed network.  It'll come, 
eventually...

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-users] Live Migration Config, (continued) Re: [Xen-users] Live Migration Config, Matthew Walster Re: [Xen-users] Live Migration Config, Mark Williamson Re: [Xen-users] Live Migration Config, Matthew Alton Re: [Xen-users] Live Migration Config, Mark Williamson Re: [Xen-users] Live Migration Config, Anthony Liguori Re: [Xen-users] Live Migration Config, Nivedita Singhvi Re: [Xen-users] Live Migration Config, Anthony Liguori [Xen-users] Re: Live Migration Config, Charles Duffy Re: [Xen-users] Live Migration Config, Alan Greenspan Re: [Xen-users] Live Migration Config, Anthony Liguori Re: [Xen-users] Live Migration Config, Mark Williamson <= [Xen-users] Re: Live Migration Config, Charles Duffy Re: [Xen-users] (securing dom0 - firewall rules. was: ) Re: Live Migration Config, Tom Brown Re: [Xen-users] Live Migration Config, Staf Verhaegen Re: [Xen-users] Live Migration Config, Mark Williamson

Previous by Date:	Re: [Xen-users] booting into gentoo, Eric S. Johansson
Next by Date:	Re: [Xen-users] Re: SSL TOE, Mark Williamson
Previous by Thread:	Re: [Xen-users] Live Migration Config, Anthony Liguori
Next by Thread:	[Xen-users] Re: Live Migration Config, Charles Duffy
Indexes:	[Date] [Thread] [Top] [All Lists]