WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Exploiting XEN

On Tue, 2007-03-13 at 11:42 -0300, Artur Baruchi wrote:
> Hi guys,
> 
> Im making somes researchs about security in Virtual Machines, and does
> anybody knows, if exists a exploit or a rootkit for Xen? I would like
> to test it (if exist).
> 
> Thanks,
> 
> Artur Baruchi

To my knowledge, no "special" hacks exist to allow underprivileged
domains the ability to trick the hypervisor into doing undesirable
things. 

Depending on the diligence of whoever setup Xen, you may be able to do
or find interesting things around the network, but this isn't Xen's
fault. Likewise, Xen can't stop ill experienced people from running an 3
year old copy of phpbb on dom-0 itself.

I have seen some pretty wasted dom-0's, but this is due to hackers
finding weaknesses in php scripts made to manage Xen using weak setuid
wrappers to talk to xm, lvm and iptables. They got in through PHP, not
Xen.

I have yet to see xen perk its way into the discovery scripts hackers
upload once they find a way to get code somewhere they can write. Nobody
seems to be looking for xen, parts of xen or much less something that
indicates the version of Xen is exploitable. If there was anything of
interest, I'm sure hackers would be probing for it. I don't look at
*every* little thing I find in /tmp on every shared hosting server I
manage, but I try to at least peek at most of it.

The 'garbage' that 80K + hosted domains leaves laying around gives you a
pretty acute birds eye view of the threats you need to be dealing with.

I agree with Mats, asking the way you did does kind of raise a few
hairs. Many IAAS (Infrastructure As A Service) providers base some or
all of their offerings around Xen's security. So do some governments.

Its not like you just said "Oh, HI! JACK!" in an airport, but you came
close. 

I'm not going to say its wrong to ask if such a thing exist, but clearly
state your intentions for seeking it and don't use an anonymous e-mail
address when making such inquiries.

Best,
--Tim


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>