[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security



On 20 Jan 2005, at 11:00, Neugebauer, Rolf wrote:



-----Original Message-----
From: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:xen-devel-
admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Phillip Mumford
Sent: 19 January 2005 14:39
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Xen Security

Just a quick question regarding the security of a Xen host.

Are there any security implications I need to be aware of if I allow a
Xen-U host to use kernel modules?  I've mainly used UML in past, where
a user could easily read files on the host machines filesystem.

Is it safe to allow people to run with modules allowed?

Xen provides stronger isolation than UML and kernel modules in a VM
should only be able to compromise the resources that that VM has access
to (eg its filespace) but not other VMs

But to further prevent security issues inside that domain, disable if you can modules and, to some extent, sysctl support.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.