WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation
From: "Vasiliy Baranov" <vasiliy.baranov@xxxxxxxxx>
Date: Fri, 14 Nov 2008 21:39:01 +0300
Delivery-date: Fri, 14 Nov 2008 10:41:00 -0800
In-reply-to: <91094279.208821226433579786.JavaMail.root@xxxxxxxxxxxxxxxxx>
References: <e4a2b0250811110916nb0555ddq9156e0b607dfd8b2@xxxxxxxxxxxxxx> <91094279.208821226433579786.JavaMail.root@xxxxxxxxxxxxxxxxx>

On Tue, Nov 11, 2008 at 10:59 PM, George Lenzer <george.lenzer@xxxxxxx> wrote:
>>> With the kernels and modules, I think that it would only be wise for you to restrict them to the kernel you provide.
>> Why? Why does it matter (if Xen is designed to provide isolation anyway)?

> Not a technical reason, but more a "paranoid" approach just in case there is something flawed in the Xen design.  However, saying that, I personally wouldn't have a problem with custom kernel modules other than the administration headaches (maybe rsync or an svn repository would be wise).
 
>>> Regarding the security of running their own modules, I still believe that they would not be able to cross the boundaries of their domain into other domains via this route.  Unless something is seriously broken in
>>> the Xen paravirtualization model, when they are in unprivileged domains, they can't access anything that Domain0/Xen microkernel doesn't allow.
>> I am far from being a Linux expert, but I thought a module can override anything in the kernel. Am I wrong? If I am not wrong, why is disallowing custom kernels while still allowing custom modules any different
>> from allowing custom kernels?

> I welcome any correction on my thinking, but if I understand it correctly, when you boot a paravirtualized domU, it is using its own instance of the domU kernel in RAM.  It is not sharing a kernel with Dom0.  They are the same kernel in terms of the binary, but the memory space and virtual resources allocated to Domain0 are not accessible to any unprivileged domain in any way.  This is why I chose Xen over OpenVZ for my own needs.  I wanted something that didn't share a kernel instance at all, and that's what Xen PVs offer.

Sure. We are not talking about sharing the kernel between dom0 and domU. domUs are going to have completely different kernels anyway. The question is, if I have to allow custom modules in domUs (because my users cannot live without them), does it make sense to disallow custom kernels, i.e., whether disallowing custom kernels is going to buy me much?

Thank you,
Vasiliy
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
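The control George proposes ("restrict them to the kernel you provide") is visible in each domU's xm config: a `kernel =` line boots an image stored on the dom0 side, while `bootloader = "/usr/bin/pygrub"` hands the choice to the guest's own /boot. The script below is an added example, not code from the thread or from the Xen project; it audits a directory of such configs and reports who controls each guest's kernel. The three config files it reads are constructed samples, and the `.cfg` suffix and the three keys (`name`, `kernel`, `bootloader`) are the only assumptions it makes about their format.

```shell
#!/bin/sh
# Added example (not from the thread): classify each PV domU config by who
# controls the kernel it boots. `kernel = "/boot/..."` loads an image from
# dom0's filesystem (the admin's kernel); `bootloader = "/usr/bin/pygrub"`
# lets the guest's own /boot pick the kernel (the customer's kernel).

# Print "guest-controlled", "dom0-provided" or "unknown" for one config file.
# Lines that start with '#' are comments and are deliberately not matched.
classify_kernel_source() {
    cfg="$1"
    if grep -Eq '^[[:space:]]*bootloader[[:space:]]*=' "$cfg"; then
        echo guest-controlled
    elif grep -Eq '^[[:space:]]*kernel[[:space:]]*=' "$cfg"; then
        echo dom0-provided
    else
        echo unknown
    fi
}

# Walk a directory of *.cfg files and print one "name  classification" line each.
audit_domu_configs() {
    dir="$1"
    for cfg in "$dir"/*.cfg; do
        [ -f "$cfg" ] || continue
        # take the quoted value of the first `name = "..."` line, if any
        name=$(sed -n 's/^[[:space:]]*name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$cfg" | head -n 1)
        printf '%-12s %s\n' "${name:-$(basename "$cfg")}" "$(classify_kernel_source "$cfg")"
    done
}

# Number of domUs whose kernel choice rests with the guest.
count_guest_controlled() {
    audit_domu_configs "$1" | grep -c 'guest-controlled$'
}

# Constructed sample configs (not real domU definitions) written to a temp dir.
# The "legacy" one has pygrub commented out, so it must count as dom0-provided.
make_sample_configs() {
    dir=$(mktemp -d)
    cat > "$dir/web1.cfg" <<'EOF'
name = "web1"
# customer picks the kernel from their own /boot via pygrub
bootloader = "/usr/bin/pygrub"
memory = 256
EOF
    cat > "$dir/db1.cfg" <<'EOF'
name = "db1"
kernel = "/boot/vmlinuz-2.6.18-xen"
ramdisk = "/boot/initrd-2.6.18-xen.img"
memory = 512
EOF
    cat > "$dir/legacy.cfg" <<'EOF'
name = "legacy"
# bootloader = "/usr/bin/pygrub"   (disabled; the kernel below is dom0's)
kernel = "/boot/vmlinuz-2.6.18-xen"
EOF
    echo "$dir"
}

# Run the audit over the constructed samples when executed directly.
SAMPLES=$(make_sample_configs)
audit_domu_configs "$SAMPLES"
rm -rf "$SAMPLES"
```

The audit only tells you where the "admin-provided kernel" policy is actually applied; as Vasiliy's question points out, a guest that may load its own modules already runs its own code at kernel privilege inside that domU, so the list is an inventory of policy, not a measure of isolation, which in the PV model rests on Xen and dom0 rather than on which kernel binary the guest boots.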