Re: [Xen-users] Is using w! safe to share data between domains?
On 5/19/05, Nils Toedtmann <xen-users@xxxxxxxxxxxxxxxxxx> wrote:
> On Thursday, 19.05.2005, 19:49 -0400, John A. Sullivan III wrote:
> > Ah, perhaps I didn't make something sufficiently clear. Although
> > several domUs will have access to the partition, only one should have it
> > mounted at any time. In other words, the system first mounts it read
> > only simply to check to see if anyone else has it mounted and, if they
> > do not, they remount it as rw. There is the possibility that, in
> > between the check and the remount as rw, something could sneak in. And
> > there is the brief moment when it is mounted ro that another device
> > could be writing to it in which case it is immediately unmounted.
> >
> > Network exchange with a big firewall does sound technically safer from
> > corruption even if less safe from intrusion. Thanks - John
> [...]
> Do you want to protect the CA domU only from the outside world, or has
> it to be protected from the other (networked, hence potentially r00ted)
> domUs (with which the CA domU exchanges data), too?
>
> In the latter case, the other domU could try to attack the filesystem
> driver of the CA domU by writing malicious fs metadata (like corrupt
> inode tables/superblocks/whatever) to that partition. I'd consider a nfs
> relay between them safer!
>
> And you could make firewalling much easier if you use a "virtual DMZ"
> topology (all interfaces marked with a * shall use private rfc1918 ip
> addresses):
>
>                        evil internet
>                              |
>                              |
>                          dom0-eth0
>                              |
>                            |xen-br0
>                              |
>                          dom1-eth0
>       networked domU, maybe compromised, has to exchange data with dom3
>                          dom1-eth1*
>                              |
>                            |xen-br1 (has no ip in dom0)
>                              |
>                          dom2-eth0*
>                    nfs-server, no ip-forwarding
>                          dom2-eth1*
>                              |
>                            |xen-br2 (has no ip in dom0)
>                              |
>                          dom3-eth0*
>                            CA-domU
>
> Even without any firewalling: to break into the CA domU, an attacker has
> to overtake dom1, then the nfs-service on dom2 and finally the
> nfs-client on dom3.
>
> I think it would be easier to attack the sshd on dom0 to compromise them
> all ;)
>
> /nils.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>

Excuse my lack of knowledge, but I believe there is another way to get the thing done. You want:

1) A number of domUs to write files to a place;
2) Make sure to have the most secure way to do it.

What if... You set up one bridge without IP number:

    {
    brctl addbr xen-sw1        # create the bridge; no IP address is assigned to it
    brctl stp xen-sw1 off      # no spanning tree on a single virtual switch
    brctl setfd xen-sw1 0      # no forwarding delay
    sleep 3
    ifconfig xen-sw1 up
    }

Then you configure your domUs to connect to the bridge, each one implementing an RFC 1918 IP number and the same network for all of them. You see, any one can see the other, but no one can reach dom0 or the LAN.

Now you configure a vsftpd to allow just one connection at any time. You will NOT have more than one domU accessing that file, for sure. And you enhance the security with all features on vsftpd you can, so making it very restricted.

And you configure a firewall on each domU, accepting NO input/forward on the ethernet connected to the bridge. Except for the domU where you have vsftpd, which can be opened ONLY for FTP clients.

Is that good?

--
Bye,
Fernando Maior
LPIC/1 31908
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
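The proposal above (IP-less bridge in dom0, one vsftpd domU limited to a single client, deny-all firewall on every other domU's bridge-facing interface) written out as a dry-run generator. This is an added example, not code from the thread or from the Xen project; the bridge name xen-sw1 is Fernando's, while the interface name eth1, the 10.0.99.0/24 network and the server address 10.0.99.1 are assumptions. Without APPLY=1 it only prints the commands and the vsftpd.conf, so it can be reviewed before anything is run as root on the right host.

```shell
#!/bin/sh
# Added example (not from the original thread). Dry-run generator for the
# bridge + single-client vsftpd + per-domU firewall setup. Names below are
# assumptions: FTP_IFACE is each domU's bridge-facing interface, FTP_NET is
# the shared RFC 1918 network. Run with APPLY=1 as root to execute instead
# of printing; pick the right piece for the host you are on (see bottom).

BRIDGE="${BRIDGE:-xen-sw1}"
FTP_IFACE="${FTP_IFACE:-eth1}"
FTP_NET="${FTP_NET:-10.0.99.0/24}"

# Print a command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# dom0: a bridge with no IP address, STP off, no forwarding delay.
bridge_setup() {
    run brctl addbr "$BRIDGE"
    run brctl stp "$BRIDGE" off
    run brctl setfd "$BRIDGE" 0
    run ip link set "$BRIDGE" up
}

# vsftpd.conf for the exchange domU: bound to its bridge address, local
# users only, chrooted, one client at a time, active-mode data connections.
vsftpd_conf() {
    cat <<EOF
listen=YES
listen_address=$1
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
max_clients=1
max_per_ip=1
pasv_enable=NO
connect_from_port_20=YES
xferlog_enable=YES
EOF
}

# Client domU: no forwarding, nothing new accepted on the bridge side.
# The FTP conntrack helper is needed so the server's active-mode data
# connection (from port 20) is classified RELATED instead of NEW
# (on the 2.6 kernels of 2005 the module was called ip_conntrack_ftp).
client_firewall() {
    run modprobe nf_conntrack_ftp
    run iptables -P FORWARD DROP
    run iptables -A INPUT -i "$FTP_IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$FTP_IFACE" -j DROP
}

# vsftpd domU: same as a client, plus new FTP control connections from the
# shared network only; vsftpd's max_clients=1 then serialises the clients.
server_firewall() {
    run modprobe nf_conntrack_ftp
    run iptables -P FORWARD DROP
    run iptables -A INPUT -i "$FTP_IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$FTP_IFACE" -p tcp -s "$FTP_NET" --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A INPUT -i "$FTP_IFACE" -j DROP
}

# Usage: sh this.sh bridge|vsftpd [addr]|client|server ; no argument shows all.
case "${1:-show}" in
    bridge) bridge_setup ;;
    vsftpd) vsftpd_conf "${2:-10.0.99.1}" ;;
    client) client_firewall ;;
    server) server_firewall ;;
    *)
        echo "# --- dom0: bridge ---";            bridge_setup
        echo "# --- vsftpd domU: /etc/vsftpd.conf ---"; vsftpd_conf 10.0.99.1
        echo "# --- each client domU: firewall ---"; client_firewall
        echo "# --- vsftpd domU: firewall ---";    server_firewall
        ;;
esac
```

Two caveats worth knowing before applying this: max_clients=1 makes vsftpd refuse the second session, which is what the post asks for, but FTP has no file locking, so two domUs uploading the same file name in turn still overwrite each other unless the clients use distinct names. And vsftpd 3.x refuses to start a chrooted session whose root directory is writable unless allow_writeable_chroot=YES is set; the safer fix is to keep the user's home read-only and give it a writable subdirectory for uploads.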