|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
On Fri, 2005-03-04 at 13:35, Adam Heath wrote: > Once the xen packages are accepted out of debian's incoming queue, I can be > assured of having this bug filed, and it being tagged security. It *is* a > problem. Saying it wasn't designed with this in mind doesn't make it a > non-issue. I'm not saying it's a non-issue :-) It's one of the reasons I'm working on VM-Tools. Security is not something you can just retro-fit into something. It has to be designed in from the beginning. That said, I don't think Xend not being secure on a hostile dom0 is a bug per-say. Really, having a hostile dom0 is putting an awful lot of faith in the Linux syscall interface. Remember, dom0 is a single point of failure. If dom0 is compromised, all of your VMs are. We debated this previously with respect to boot loaders. At the end of the day, you just don't want any code running, no matter how restricted, in dom0 that you don't trust. Regards, -- Anthony Liguori Linux Technology Center (LTC) - IBM Austin E-mail: aliguori@xxxxxxxxxx Phone: (512) 838-1208 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |