xen-users

[Top] [All Lists]

[Xen-users] Re: Exploiting XEN

from [Anthony Liguori]

[Permanent Link][Original]

To:	"Petersson, Mats" <Mats.Petersson@xxxxxxx>
Subject:	[Xen-users] Re: Exploiting XEN
From:	Anthony Liguori <aliguori@xxxxxxxxxx>
Date:	Thu, 15 Mar 2007 13:31:05 -0500
Cc:	Artur Baruchi <mail.baruchi@xxxxxxxxx>, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Thu, 15 Mar 2007 11:30:19 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<907625E08839C4409CE5768403633E0B018E1A6D@xxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<20070313154326.GB24377@xxxxxxxxxx> <907625E08839C4409CE5768403633E0B018E1A6D@xxxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 1.5.0.10 (X11/20070306)

Petersson, Mats wrote:

I guess that's a fair comment too. Dom0 is a large part of a Xen
environment, and if Dom0 is compromised, then Xen can't really do that
much to prevent the system from being crashed, subverted or other
malicious acts. But I believe Xen itself is "safe" from Dom0 being
compromised

It's not. Dom0 (or any IO domain) has direct access to DMA controllers.It can use DMA to overwrite the hypervisor's memory with arbitrary data.

It would be rather trivial for dom0 to escalate itself to ring 0 bysimply locating the IDT, writing a new IDT to disk, and then doing a DMAread operation with the physical address of the IDT's.


Regards,

Anthony Liguori

 - but it's moot point, as Xen on it's own is about as useful

as a chocalte teapot.
But Xen isn't really the "culprit" in this scenario - it's the same
scenario for Linux (or whatever other OS we care to choose) without a
hypervisor.

--
Mats
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1978 392 2496 -=||=- Perl modules: http://search.cpan.org/~danberr/-=||=- Projects: http://freshmeat.net/~danielpb/-=||=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DFF742 7D3B 9505 -=|



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Exploiting XEN, Artur Baruchi RE: [Xen-users] Exploiting XEN, Petersson, Mats Re: [Xen-users] Exploiting XEN, Daniel P. Berrange RE: [Xen-users] Exploiting XEN, Petersson, Mats Re: [Xen-users] Exploiting XEN, Mark Williamson [Xen-users] Re: Exploiting XEN, Anthony Liguori <= RE: [Xen-users] Re: Exploiting XEN, Kraska, Joe A \(US SSA\) RE: [Xen-users] Re: Exploiting XEN, Tim Post RE: [Xen-users] Re: Exploiting XEN, Kraska, Joe A \(US SSA\) RE: [Xen-users] Re: Exploiting XEN, Tim Post [Xen-users] Re: Re: Exploiting XEN, Michelle Konzack RE: [Xen-users] Re: Re: Exploiting XEN, Petersson, Mats RE: [Xen-users] Re: Re: Exploiting XEN, Kraska, Joe A \(US SSA\) RE: [Xen-users] Re: Re: Exploiting XEN, Kraska, Joe A \(US SSA\) Re: [Xen-users] Exploiting XEN, Tim Post

Previous by Date:	Re: [Xen-devel] Possibilities with Xen3 compared to IBM Power5 DLPAR, Julian Pawlowski
Next by Date:	Re: [Xen-devel] Possibilities with Xen3 compared to IBM Power5 DLPAR, Ewan Mellor
Previous by Thread:	Re: [Xen-users] Exploiting XEN, Mark Williamson
Next by Thread:	RE: [Xen-users] Re: Exploiting XEN, Kraska, Joe A \(US SSA\)
Indexes:	[Date] [Thread] [Top] [All Lists]