|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [RFC PATCH 0/18] Xenstore stub domain
On 01/11/12 18:21, Daniel De Graaf wrote: > This patch series allows xenstored to run in a stub domian started by > dom0. It is based on a patch series posted by Alex Zeffertt in 2009 - > http://old-list-archives.xen.org/archives/html/xen-devel/2009-03/msg01488.html > Daniel, Can you explain what is the rationale for moving the xenstored into a stubdom? After all, if an attacker is able to compromise the xenstored, there should be many ways now how to compromise other VMs in the system? And it shouldn't matter whether the xenstored is in stubdom or whether in Dom0. E.g. the attacker might redirect the block fronts to us some false block backends, so that the VMs get compromised fs. One could probably think of other attacks as well...? joanna. Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |