[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] PV privilege escalation - advisory

To: xen-users@xxxxxxxxxxxxx
From: Peter <peter@xxxxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2012 17:47:14 +1200
Delivery-date: Fri, 15 Jun 2012 05:49:03 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On 15/06/12 00:51, Fajar A. Nugraha wrote:
> Also, even if that were the case, there's the issue of "how do you
> make sure your domUs ONLY use the safe kernel if the domU is not
> within your control and it boots with pygrub/pvgrub" (which roughly
> means your users can change the running kernel with their own,
> possibly "unsafe" kernel.

My understanding (and I may be wrong) is if either the hypervisor is
patched or the domu kernel that mitigates the vulnerability, so if you
patch the hypervisor then you don't have to worry about someone trying
to exploit it with a vulnerable kernel.

It's not to hard to rebuild the .src.rpm to include the patch.  I've
already done it myself with the mayoung packages for RHEL6.

Peter

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- Re: [Xen-users] PV privilege escalation - advisory
  - From: John Creol
- Re: [Xen-users] PV privilege escalation - advisory
  - From: Fajar A. Nugraha

Prev by Date: Re: [Xen-users] About 10GE performane on domU (with xen3.4.4)
Next by Date: [Xen-users] What do you do for Xen 4.2?
Previous by thread: Re: [Xen-users] PV privilege escalation - advisory
Next by thread: [Xen-users] Very slow VBD writes in domU under Linux 3.3, ok under 3.0.x
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.