xen-users
RE: [Xen-users] Exploiting XEN
> -----Original Message-----
> From: Daniel P. Berrange [mailto:berrange@xxxxxxxxxx]
> Sent: 13 March 2007 15:43
> To: Petersson, Mats
> Cc: Artur Baruchi; Xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] Exploiting XEN
>
> On Tue, Mar 13, 2007 at 04:30:53PM +0100, Petersson, Mats wrote:
> > > -----Original Message-----
> > > From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> > > [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> > > Artur Baruchi
> > > Sent: 13 March 2007 14:43
> > > To: Xen-users@xxxxxxxxxxxxxxxxxxx
> > > Subject: [Xen-users] Exploiting XEN
> > >
> > > Hi guys,
> > >
> > > I'm doing some research about security in virtual machines, and does
> > > anybody know if an exploit or a rootkit for Xen exists? I would like
> > > to test it (if it exists).
> >
> > Please take this the right way... If we assume one does exist, would you
> > send it to me, if I asked you? [particularly if my e-mail address was of
> > an "anonymous" origin like gmail?] - how do I know that the purpose you
> > are asking for is the purpose you are REALLY asking for, rather than for
> > example that you know someone's machine is Xen-based and you want to
> > break into it. This is a non-moderated mailing-list, anyone with an
> > e-mail account anywhere in the world (more or less) can sign up.
> >
> > I personally am not aware of any "rootkit" that relates to Xen.
>
> And more to the point, if any of the Xen developers did know of a "rootkit"
> you can be damn sure they'd be fixing whatever flaw made it possible, rather
> than passing it around for people to try out.
Agree completely. [Although I guess some people on the Xen User's list
may not be developers, I believe anyone here would rather forward such a
"rootkit" to the developers so that they can fix the underlying flaw,
rather than passing it around to try out amongst "friends"].
>
> > The Xen hypervisor is fairly small, and thus relatively easy to
> > understand and control against vulnerabilities. Since it's living
> > "outside" the host-OS that it controls, it's potentially less vulnerable
> > than those hypervisors that live within the host-OS.
>
> Nice in theory, but in practice you have to include Dom0 as (at this
> time) it has effectively unrestricted access to the hardware and is
> necessarily trusted by every DomU that cares about disk or network
> I/O. While in theory Xen may allow a tighter security model, in the
> real-world deployments of Xen there's no better security from its
> arch of hypervisor outside the Dom0 OS, vs other virt systems which
> have the hypervisor as part of the Dom0.
I guess that's a fair comment too. Dom0 is a large part of a Xen
environment, and if Dom0 is compromised, then Xen can't really do that
much to prevent the system from being crashed, subverted or other
malicious acts. But I believe Xen itself is "safe" from Dom0 being
compromised - but it's a moot point, as Xen on its own is about as useful
as a chocolate teapot.
But Xen isn't really the "culprit" in this scenario - it's the same
scenario for Linux (or whatever other OS we care to choose) without a
hypervisor.
--
Mats
>
> Dan.
> --
> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
> |=- Perl modules: http://search.cpan.org/~danberr/ -=|
> |=- Projects: http://freshmeat.net/~danielpb/ -=|
> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
>
>
>