[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0)



Anthony Liguori wrote:

Well, it's not the same as trusting a Domain's filesystem to be proper. But it still requires trusting that there are no exploitable bugs in the software.

Except that the attacker never gets his hand on any of this data. It is like telling you to exploit my mother's win95 box without the network or the keyboard being plugged in.

Using a lesser-user to create the domain within Domain-0 requires trusting there are no exploitable bugs in the kernel syscall interfaces.

So, it's a point of failure as much as Linux is.

Well, I do not agree with you there.

Anyway, this code is already written for Xen 1.3. You can find it at http://www.diku.dk/~jacobg/self-migration/

Awesome!  This is pretty cool stuff.  Do you have plans to update for Xen 
2.0/Linux 2.6? Kernel-driven migration seems like an appealing topic.

I would like to, now that it seems xend is going to be slimmed down. However, my time to work on this is a bit limited for the next six months :-(

thanks,
Jacob


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.