 Home |
Products |
Support |
Community |
News |
xen-devel
Re: [Xen-devel] Security Implications of letting customers use theirown
| To: | James Harper <james.harper@xxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] Security Implications of letting customers use theirown kernel |
| From: | George Dunlap <dunlapg@xxxxxxxxx> |
| Date: | Thu, 16 Dec 2010 12:03:53 +0000 |
| Cc: | Xen-devel@xxxxxxxxxxxxxxxxxxx, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> |
| Delivery-date: | Thu, 16 Dec 2010 04:04:58 -0800 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type; bh=741VZRf/VAwftnDxwwyjbng5P5RMKPyUQPXgZlbU5T0=; b=hZJuji4JJdzFiNnzqT2zn9NlObwkaz1x6k0jVPdcHnHS47bl35sDDTuuu+QajhW9a7 hJ0XyG+3igHi+Foy6gcmy0hpoVo+DFWcy6TkDxVEP3M5WiLtOwEZaLCEy4nm3FMdKMhR pq/wmb6YZHKfqsv6f7tJ28ku/Y5PUe6i9mDC0= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=LKLEYpFcSdO9snWYJhIesEsSDA9QW1C475u+TXggCaKX+hnCiRRAcTHI2M+ISsdEjj lCD1pVTlH82xccQKUWo8CcmYHc6uF+ygGWQoSJDsE5thnDm1Uia57ajqstKDVxLt6RVn hbfHVh5bIsl7g8CyWUtplxoFlsHaEWzDD3Slo= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <AEC6C66638C05B468B556EA548C1A77D01BB8B2A@trantor> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| References: | <4D08B3F4.7020008@xxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D01BB8B2A@trantor> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
On Thu, Dec 16, 2010 at 3:51 AM, James Harper <james.harper@xxxxxxxxxxxxxxxx> wrote: >> An area of potential concern is if someone were to build a kernel that >> enabled "No Execute" or "Disable Execution", could that compromise > other >> DomUs? Or would that just leave their DomU vulnerable to running >> malicious code? I assume you mean a kernel that *disabled* No-Execute? No -- Xen should isolate decisions of individual VMs from each other (if the NX bit can be disabled from a PV kernel at all -- I'm not sure about that). That said, developers certainly *aim* to make it the case that a DomU cannot crash or gain access to Xen or Dom0 (or affect other security measures, like NX, in any way). However, as far as I'm aware, there is no testing or auditing done to verify this. And as James H. said, buggy DomU drivers do occasionally crash dom0: and if untrusted code can accidentally crash privileged code, it's often the case that a well-crafted exploit can use the same bug to gain control of the privileged code. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Re: Panic on cpu0, Pasi Kärkkäinen |
|---|---|
| Next by Date: | Re: [Xen-devel] Security Implications of letting customers use theirown kernel, Jonathan Tripathy |
| Previous by Thread: | RE: [Xen-devel] Security Implications of letting customers use theirown kernel, James Harper |
| Next by Thread: | Re: [Xen-devel] Security Implications of letting customers use theirown kernel, Jonathan Tripathy |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
