|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] Regarding Xen security....
On 1/15/07, Petersson, Mats <Mats.Petersson@xxxxxxx> wrote:
The key, however, is that to use any of this, there are two conditions
required:
1. Access to run at Ring 0 - and assuming that this is not so difficult
is probably fair, but it also means that the system isn't really secure
anyways, because as soon as some arbitrary code can run in Ring 0, it's
able to do ANYTHING in the system that it likes [although it may be a
little bit of hard work to actually go from a trivial exploit to
actually gain full control over the system].
2. That there isn't some other use of the SVM/VMX feature in place
already - as of current, neither of these techniques are nestable, so
once some code has gained control of the SVM/VMX feature, anyone else
attempting the same thing will fail in some respect.
Yep. saying that VT-x is unsecure in some manner is exactly like
saying that ring0 is not secure...
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|