|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: Module loading in unpriveledged domains
Scott Mohekey wrote: > So from what I can gather, the user of an unpriveledged domain is > entirely capable of destroying their own domain?. If this is the > case, it is entirely acceptable. What I'm more concerned with > however, is the impact one unpriveledged domain can have on > another. I don't want one domain able to adversely affect other > domains running on the node. I understand that the point of weakness > for this is only xen itself which, being opensource and backed by a > great community, I am more than comfortable with. To say it simply: Module loading _may_ help an attacker circumvent Linux security on the unpriviledged domain to gain root on the unpriviledged domain. If the attacker has already gained root access on the unpriviledged domain, module loading has _no_ effect on trying to adversely affect other domains running on the node. So yes, that security is entirely up to Xen - and Xen security is fundamentally a sound approach, but of course remains to be seen as the deployment is not extensive. -- Naked ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |