
Re: [Xen-users] XCP/Xen security


  • To: "Steven Timm" <timm@xxxxxxxx>
  • From: "Vern Burke" <vburke@xxxxxxxx>
  • Date: Tue, 16 Mar 2010 01:47:24 +0000
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 15 Mar 2010 18:48:26 -0700
  • Importance: Normal
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Sensitivity: Normal

The ability of a misbehaved DomU to crash the Dom0 isn't a pretty idea, but I 
can't imagine it would expose unauthorised user data, which seems to be what 
the big worry is about.

Vern 



------Original Message------
From: Steven Timm
To: Vern Burke
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] XCP/Xen security
Sent: Mar 15, 2010 21:40

I've never seen it happen, but according to the various security
bulletins that have come out on the xen kernels that come
from RedHat it can happen.
What I have done myself is, by nasty I/O inside the domU, to crash
not only the domU but panic the dom0 that is hosting it too.  I
think that is the bigger risk.

Much of this stuff, if I understand correctly, is due to
vulnerabilities in the virtual machines layer of the hardware itself.

Steve

On Tue, 16 Mar 2010, Vern Burke wrote:

> Greetings all:
>   Just a general question for the group at large. I find myself in the 
> position of fighting a lot of vague "cloud security issues".
>
> The question is, has anyone ever seen a VM break into the Xen hypervisor 
> layer and presumably break into another VM? I'm not talking about an external 
> attack on the Dom0, I'm talking about an internal attack through the DomU's 
> connection to the hypervisor.
>
> Vern
> Sent from my BlackBerry® wireless device from U.S. Cellular
>

-- 
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm@xxxxxxxx  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.




Sent from my BlackBerry® wireless device from U.S. Cellular
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

