|
|
|
|
|
|
|
|
|
|
xen-devel
[Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor
In some parts of IA64 I can see that domain==dom0 checking is done, but
in all of x86 - I have yet to find a proper checking that the hypercalls
comes from a dom0 domain instead of any other domain.
Theoretically, this means that any domain (PV or HVM) can always modify
its own kernel binary and then make a direct hypercall (via int 0x82 or
SYSENTER) into the hypervisor, executing domain controller commands like
create domain etc.
Is this possible? Access control should be done from the hypervisor
side, so any existing dom0 checking (CONFIG_XEN_PRIVILEGED_GUEST
compilation option - done from the dom0 side) seems like pointless,
because another domU can always modify its own kernel binaries to
achieve all the features what CONFIG_XEN_PRIVILEGED_GUEST restrict - be it Windows XP or Linux.
Please enlighten us.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor,
Peter Teoh <=
|
|
|
|
|