Re: [Xen-devel] protecting xen startup
On Tue, Nov 23, 2004 at 09:03:39PM +0000, Ian Pratt wrote:
> > > >is the port 8000 stuff actually running in the xen boot-up stuff?
> > >
> > > Xend starts its HTTP interface when it starts up and will do anything the
> > > HTTP interface tells it to do. If Xend isn't running then the HTTP
> > > interface is not accessible (but you can't do a lot without Xend).
> >
> > ... but there's nothing to prevent the merging of the xend and the xm
> > programs, bypassing the use of HTTP, right?
>
> You might want to think twice before doing that, or at least have
> some alternative story about how you'd do administration of a
> pool of VMs running over a cluster of nodes.
>
> I guess you're probably thinking of multi-level secure VMs on a
> single host (e.g. a laptop),

yes (see below for details).

> but the cluster side is important
> too.

ah, so. even inside a guest OS is it possible to access the HTTP interface?

> I guess it might be possible to weld xm and xend directly to each
> other in the single machine case.

perhaps i should explain: i am looking to use xen to implement a new level of paranoid security. i aim to run single applications, such as firefox and openoffice, in their own dedicated virtual machines, a localised file server in one (or more if i can get GFS or OCFS2 to work) virtual machine(s), and for the applications to each connect to the xen master running an x-server [nomachine isn't quite suitable, i may have to write my own ssh-based x-proxy].

allowing a compromised guest OS to fire up another virtual machine, connect to the x-server and spoof "please enter your password" dialog boxes is therefore to be avoided!!!

i am so pleased and relieved that xm is written in python. i grok python.

l.