WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-devel] Security Implications of letting customers use theirown

from [James Harper] [Permanent Link][Original]
To: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>, <Xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Security Implications of letting customers use theirown kernel
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Dec 2010 14:51:44 +1100
Cc:
Delivery-date: Wed, 15 Dec 2010 19:52:55 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4D08B3F4.7020008@xxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4D08B3F4.7020008@xxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcucU3HN81ripgbhR66mIJMgC0uFtwAgJ4dw
Thread-topic: [Xen-devel] Security Implications of letting customers use theirown kernel 
> 
> Hi Everyone,
> 
> What are the security implications of letting customers install their
> own kernel?
> 
> In my own research, I have only seen things that would compromise
their
> own DomU. My main area on concern is to protect all the other DomUs.
> 
> An area of potential concern is if someone were to build a kernel that
> enabled "No Execute" or "Disable Execution", could that compromise
other
> DomUs? Or would that just leave their DomU vulnerable to running
> malicious code?
> 
> Anyone aware of anything else?
> 

Anything that allows a DomU to compromise Dom0 is a serious security bug
and should be reported and fixed.

Once I get my hands on a proper test box I plan to do some testing on
this as during development of GPLPV I have managed to crash Dom0 due to
pre-release testing of buggy code. This probably hasn't happened since
Xen 3.0.x though, which is ancient now, but I'd like to have some
confidence that nothing I throw at Dom0 will break it.

James


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [xen-unstable test] 3863: regressions - FAIL, xen . org
Next by Date:  [Xen-devel] [linux test] 3865: regressions - FAIL, xen . org
Previous by Thread:  [Xen-devel] Security Implications of letting customers use their own kernel, Jonathan Tripathy
Next by Thread:  Re: [Xen-devel] Security Implications of letting customers use theirown kernel, George Dunlap
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy