WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] protecting xen startup

from [Luke Kenneth Casson Leighton] [Permanent Link][Original]
To: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] protecting xen startup
From: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date: Tue, 23 Nov 2004 21:52:32 +0000
Cc: Mark Williamson <maw48@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 21:43:45 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <E1CWhp6-0004YC-00@xxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123205152.GA5146@xxxxxxxx> <E1CWhp6-0004YC-00@xxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i 
On Tue, Nov 23, 2004 at 09:03:39PM +0000, Ian Pratt wrote:
> > > >is the port 8000 stuff actually running in the xen boot-up stuff?
> > > 
> > > Xend starts its HTTP interface when it starts up and will do anything the 
> > > HTTP interface tells it to do.  If Xend isn't running then the HTTP 
> > > interface is not accessible (but you can't do a lot without Xend).
> >  
> >  ... but there's nothing to prevent the merging of the xend and the xm
> >  programs, bypassing the use of HTTP, right?
> 
> You might want to think twice before doing that, or at least have
> some alternative story about how you'd do administration of a
> pool of VMs running over a cluster of nodes. 
> 
> I guess you're probably thinking of multi-level secure VMs on a
> single host (e.g. a laptop), 

 yes (see below for details).

> but the cluster side is important
> too.

 ah, so.
 
 even inside a guest OS is it possible to access the HTTP
 interface?
 
> I guess it might be possible to weld xm and xend directly to each
> other in the single machine case.
 
 perhaps i should explain: i am looking to use xen to implement
 a new level of paranoid security.
 
 i aim to run single applications, such as firefox and
 openoffice, in their own dedicated virtual machines, a
 localised file server in one (or more if i can get GFS or OCFS2
 to work) virtual machine(s), and for the applications to each
 connect to the xen master running an x-server [nomachine isn't
 quite suitable, i may have to write my own ssh-based x-proxy].

 allowing a compromised guest OS to fire up another virtual
 machine, connect to the x-server and spoof "please enter your
 password" dialog boxes is therefore to be avoided!!!


 i am so pleased and relieved that xm is written in python.
 i grok python.

 l.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Xen cluster n/w performance (again!), Diwaker Gupta
Next by Date:  Re: [Xen-devel] protecting xen startup, Jan Kundrát
Previous by Thread:  Re: [Xen-devel] protecting xen startup, Ian Pratt
Next by Thread:  Re: [Xen-devel] protecting xen startup, Jan Kundrát
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy