|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: Security Implications of letting customers use theirown kernel
On 12/16/2010 01:03 PM, George Dunlap wrote: And as James H. said, buggy DomU drivers do occasionally crash dom0: and if untrusted code can accidentally crash privileged code, it's often the case that a well-crafted exploit can use the same bug to gain control of the privileged code. I wouldn't be so negative. :)I've definitely seen crashes of the hypervisor, but all of them were assertion failures rather than say a null-pointer dereference. I've also seen denial of service bugs on the dom0 kernel which exploited bugs in the backend drivers. Maybe I'm "young" as a Xen developer (less than 2 years) but the core Xen code always seemed very robust to me. I would hence be slightly worried of crashes and even denial of service on the management tools, but not so much of privilege escalation. (A couple such bugs were found a few years ago by Joanna Rutkowska's team, but are quite rare). That said, I wouldn't be _more_ worried if I let customers use their own kernel, since they may anyway be able to use their own kernel modules if they have root access to the VM, so there's almost nothing that they couldn't already do before. There is another bug that is specific of a VM environment is where hypervisor bugs allow a malicious user in the guest to gain access to ring0 in the guest (see for example CVE-2010-0419, though this one is for KVM). These are the ones that would worry me the most. Paolo _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |