WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Security of Xen host and guests?

from [Mark Williamson] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx, voipfc@xxxxxxxxx
Subject: Re: [Xen-users] Security of Xen host and guests?
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Tue, 24 Apr 2007 17:17:40 +0100
Delivery-date: Tue, 24 Apr 2007 09:17:14 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <84b7c6460704240337j6b8786bdyd89311f25db21577@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <84b7c6460704240337j6b8786bdyd89311f25db21577@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 
> How secure are Xen guests and hosts if a guest is compromised?
>
> Does the compromise of a guest be as a gateway to compromise both
> hosts and other guests?

dom0 (analogous to the "host" in other systems) must be protected by all 
reasonable means as it is able to compromise any other domain running on the 
system.  This is also true for a domain which is given direct PCI hardware 
access e.g. to a network card (this is not the normal usecase).  This is 
similar to protecting your root account or the administration terminal for 
essential network services.

The compromise (e.g. somebody escalating to root access) of an unprivileged 
domain should have no effect on the security of the rest of the system.  
Whilst it would give an attacker more scope to load malicious kernel modules 
in the guest in order to attack domain 0 and Xen, both of these are intended 
to be secure against this kind of attack.

The design intends that it is safe to deliberately give out root access to the 
owner of an unprivileged domain and to allow them to load customised kernels, 
etc.  root compromise of a guest would be equivalent to this, and therefore 
should be isolated by design.

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] Migrating DomUs from file VBD to LVM Backend, Petersson, Mats
Next by Date:  Re: [Xen-users] Kernel for 3.05-testing, Mark Williamson
Previous by Thread:  RE: [Xen-users] Security of Xen host and guests?, Petersson, Mats
Next by Thread:  RE: [Xen-users] Security of Xen host and guests?, Steve Brueckner
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy