[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC PATCH 0/18] Xenstore stub domain

On 01/11/12 18:21, Daniel De Graaf wrote:
> This patch series allows xenstored to run in a stub domian started by
> dom0. It is based on a patch series posted by Alex Zeffertt in 2009 -
> http://old-list-archives.xen.org/archives/html/xen-devel/2009-03/msg01488.html


Can you explain what is the rationale for moving the xenstored into a
stubdom? After all, if an attacker is able to compromise the xenstored,
there should be many ways now how to compromise other VMs in the system?
And it shouldn't matter whether the xenstored is in stubdom or whether
in Dom0. E.g. the attacker might redirect the block fronts to us some
false block backends, so that the VMs get compromised fs. One could
probably think of other attacks as well...?


Attachment: signature.asc
Description: OpenPGP digital signature

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.