xen-devel
Re: [Xen-devel] Security Implications of letting customers use their own
On Thu, Dec 16, 2010 at 3:51 AM, James Harper
<james.harper@xxxxxxxxxxxxxxxx> wrote:
An area of potential concern is if someone were to build a kernel that
enabled "No Execute" or "Disable Execution", could that compromise other
DomUs? Or would that just leave their DomU vulnerable to running
malicious code?
I assume you mean a kernel that *disabled* No-Execute?
Yes, sorry
No -- Xen should isolate decisions of individual VMs from each other
(if the NX bit can be disabled from a PV kernel at all -- I'm not sure
about that).
That said, developers certainly *aim* to make it the case that a DomU
cannot crash or gain access to Xen or Dom0 (or affect other security
measures, like NX, in any way).
However, as far as I'm aware, there is no testing or auditing done to
verify this.
Given that Xen is used in many hosting companies around the world, such
as Amazon, isn't this alarming?
And as James H. said,
buggy DomU drivers do occasionally crash dom0: and if untrusted code
can accidentally crash privileged code, it's often the case that a
well-crafted exploit can use the same bug to gain control of the
privileged code.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel