|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3 of 7] xen: allows more hypercalls from stubdoms
On 12/10/2009 19:19, "Samuel Thibault" <samuel.thibault@xxxxxxxxxxxx> wrote: >> BTW: it cannot be worse than opening /dev/mem O_RDWR in qemu-xen, that >> is exactly what happens at the moment. > > Sure, but the difference is that qemu-xen is known to be run as root > in dom0, while allowing things from the hypervisor potentially hides > security leaks in its source code. Also, one of the advantages of stubdom is supposed to be that it contains qemu's large attack surface within a deprivileged environment. The hard thing about passthru in a stubdom is that every relevant hypercall really needs to be audited and potentially redesigned so that it all works but according to principle of least privilege. The alternative is rather undesirable, but perhaps acceptable if we make that choice with our eyes open to it. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |