RE: [Xen-users] Re: Re: Exploiting XEN

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Michelle Konzack
> Sent: 27 March 2007 15:57
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Re: Re: Exploiting XEN
>
> On 2007-03-15 15:37:35, Kraska, Joe A (US SSA) wrote:
> > > A more interesting question is what about underprivileged attempts on
> > > dom-0 itself, i.e. non-root users?
> >
> > *shrug*
> >
> > I assume that local access implies probable total access. Facet count
> > exposures and all that. For myself, I would never let an untrusted user
> > onto dom0. EVER. Same with my ESX installations.
>
> This is exactly what I am concerned about...
>
> Info: I run a Development Workstation which was running at least 5
> installations of GNU/Linux:
>
> sda Master system (which one was booted)
> sdd Chroot Debian/Sid
> sde Chroot Debian/Etch
> sdf Chroot Debian/Sarge
> sdg Chroot Debian/Woody
>
> I was running 4 X servers at once and the Master-System was only
> accessible for Root/Administrator.
>
> Now I have installed Xen, where sda is Dom0 and the others the DomU.
> Which means I run fully in Dom0 and get the X server from DomU since
> I can not run the X window-system directly in the DomU and I have
> done it with the Chroots.
>
> Any suggestions?

If you're allowing others to "touch" your console, they can do anything anyways [like boot from a CDROM and change the root password, for one thing].

If you want others to use your guest-systems, then you can allow them to SSH into the guest-system, and use their own console for X-windows (ssh -X works for this - this is how I access my AMD-V machine, as my "development" is my "console system" (I do have a KVM-switch, but it's much easier to just access the AMD-V machine through the network)).

I'm sorry if I misunderstood your problem description, and you're actually asking/suggesting something else here.

--
Mats

>
> Note: If I run the Development Workstation alone it is no
> problem, but sometimes I have other people working
> on it which I only partially trust.
>
> Greetings
> Michelle Konzack
> Systemadministrator
> Tamay Dogan Network
> Debian GNU/Linux Consultant
>
>
> --
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> ##################### Debian GNU/Linux Consultant #####################
> Michelle Konzack Apt. 917 ICQ #328449886
> 50, rue de Soultz MSN LinuxMichi
> 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users