[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation

To: Rob MacGregor <rob.macgregor@xxxxxxxxx>
From: Tim Post <echo@xxxxxxxxxxxx>
Date: Wed, 12 Nov 2008 10:29:47 +0800
Cc: Xen-user List <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 11 Nov 2008 18:30:36 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Tue, 2008-11-11 at 22:40 +0000, Rob MacGregor wrote:

> Ok, you have to know what to look for, but dropping "theo
> virtualisation" into Google got:
> 
> http://kerneltrap.org/OpenBSD/Virtualization_Security
> https://www.c0t0d0s0.org/archives/3651-Theo-de-Raadt-about-virtualisation.html
> 
> You may find them food for thought ;)

The premise that "All software has bugs, the hypervisor is software,
therefore the hypervisor has bugs" is valid. But not all bugs open holes
that can be exploited.

I (for one) like the fact that Theo is paranoid, his work has provided
many with needed security and good user experiences. However, you have
to take some things with a grain of salt. He anticipates and describes,
not documents a negative. But that's how research begins.

On the other side, one really does need to consider the possible scope
of damages should the worst happen. With a conventional setup, a
privilege issue in the kernel means only needing to patch and audit
servers running that  version.

A vulnerability in the HV would multiply that * the # of guests + dom-0
per physical server. So in essence, using Xen gives you 1 * the number
of physical servers more to audit or restore in the worst case. I agree
that the potential risk is greater, but I think it gets blown out of
proportion by the media.

Another CVE like the vmsplice hole in Linux could ruin your day just as
badly, if not worse. Or the Debian SSH keygen issue that went undetected
for years. I agree that examining the HV for potential holes is needed
work, but I think many focus on it just to ride the hype.

Its an interesting discussion, nonetheless. I've been running Xen since
2.0.7, I've never had to panic. Its interesting (and yeah, a little
scary) to wait and see what if anything so many more eyes looking will
turn up.

Cheers,
--Tim

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] malicious paravirtualized guests: security and isolation
  - From: Vasiliy Baranov
- [Xen-users] Re: malicious paravirtualized guests: security and isolation
  - From: Vasiliy Baranov
- Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation
  - From: Rob MacGregor

Prev by Date: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
Next by Date: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
Previous by thread: Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation
Next by thread: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.