WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Module loading in unpriveledged domains

from [David Hopwood] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Module loading in unpriveledged domains
From: David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>
Date: Mon, 22 Nov 2004 19:37:56 +0000
Delivery-date: Mon, 22 Nov 2004 19:40:41 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <E1CW9cN-0007mI-00@xxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <E1CW9cN-0007mI-00@xxxxxxxxxxxxxxxxx>
Reply-to: david.nospam.hopwood@xxxxxxxxxxxxxxxx
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.9 (Windows/20041103) 
Ian Pratt wrote:

Is there any security risk in enabling loadable module support in the linux
kernel used for the unpriveledged domains? I ask this question in the context of
a virtual private server hosting provider.


There shouldn't be any security risk at all -- Xen should provide
all the isolation you need (modulo any bugs).


So the answer to the original question is, "yes, enabling loadable module
support will increase your exposure to security risks due to any weaknesses
in Xen's isolation." Xen hasn't had particularly extensive security review
yet.

--
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ 
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Is it possible to Xenify a stock Redhat/Fedora kernel., Brian Wolfe
Next by Date:  [Xen-devel] [PATCH] sxpr dereferences freed memory, Charles Coffing
Previous by Thread:  Re: [Xen-devel] Module loading in unpriveledged domains, Ian Pratt
Next by Thread:  Re: [Xen-devel] Module loading in unpriveledged domains, Ian Pratt
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy