WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] Hardened Xen

from [Brad Plant]

[Permanent Link][Original]

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] Hardened Xen
From:	Brad Plant <bplant@xxxxxxxxxxxxxx>
Date:	Mon, 18 Dec 2006 21:01:02 +1100
Cc:	Alexander@xxxxxxxxxxxx
Delivery-date:	Mon, 18 Dec 2006 02:01:43 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<4586658E.80809@xxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<4586658E.80809@xxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On Mon, 18 Dec 2006 10:55:26 +0100
Alexander Thiem <Alexander@xxxxxxxxxxxx> wrote:

> And another question...
> 
> I did not found anything on a working kernel with grsecurity/pax and
> xen patches at the same time.
> So what about using a hardened kernel in the domU while using a
> normal kernel in dom0 - does this make any sense?
> The dom0 will only be used to operate the guests - and nothing more. 
> Will this be only placebo security?

Try the attached. I've been running this patch for over a month on
both domU and dom0. paxtest indicates that PaX is working, but I haven't
tried to enable the RBAC system though. The patch was for 2.6.16.29,
but it might apply to a later 2.6.16 kernel. I just haven't tried.

Cheers,

Brad

grsec-2.1.9-2.6.16.29-xen-3.0.3.patch.gz
Description: GNU Zip compressed data

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Hardened Xen, Alexander Thiem Re: [Xen-users] Hardened Xen, Brad Plant <= Re: [Xen-users] Hardened Xen, Alexander Thiem Re: [Xen-users] Hardened Xen, Brad Plant

Previous by Date:	Re: [Xen-users] 64 or 32 bit dom0?, Goetz Bock
Next by Date:	Re: [Xen-users] Hardened Xen, Alexander Thiem
Previous by Thread:	[Xen-users] Hardened Xen, Alexander Thiem
Next by Thread:	Re: [Xen-users] Hardened Xen, Alexander Thiem
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix