WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

RE: [Xen-users] Re: Exploiting XEN

On Thu, 2007-03-15 at 12:42 -0700, Kraska, Joe A (US SSA) wrote:
> > > I guess that's a fair comment too. Dom0 is a large part of a Xen
> > > environment, and if Dom0 is compromised, then Xen can't really do that
> > > much to prevent the system from being crashed, subverted or other
> > > malicious acts. But I believe Xen itself is "safe" from Dom0 being
> > > compromised
> > 
> > It's not.  Dom0 (or any IO domain) has direct access to DMA controllers.
> > It can use DMA to overwrite the hypervisor's memory with arbitrary data.
> 
> I believe he was saying that dom0 was "safe" from an attempt to
> compromise originating out of a domU. No domU can be safe from dom0.
> That should be understood.
> 
> Joe.

A more interesting question is what about underprivileged attempts on
dom-0 itself, i.e. non-root users?

Realistically if it does happen, it will be because an underprivileged
user on dom-0 was able to build code or access something compiled that
led to privilege escalation. This is much more likely than a strong root
password being compromised.

Xen is as secure as its Linux (or whatever the future brings) kernel,
and as secure as the software built around that kernel (your distro). No
less, and somewhat more because of its ability to contain things in
driver domains.

In the end it all comes down to how well it was installed, Kernel Linux
and Xen combined. Xen has to be able to rely on the OS and strength of
the kernel it patched just like everything else :)

Best,
--Tim


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
