Re: [Xen-devel] Is Xen affected by this x86 hardware security hole?
On Tuesday 02 May 2006 10:46, Mark Williamson wrote:
> > Thanks for the responses.
> >
> > For those interested in the gory details of a proof-of-concept exploit,
> > it's all laid out in the 16-page pdf by Loic Duflot:
> >
> > http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
>
> Ah, interesting.
>
> It turns out this exploit is something new, in that it's not something I'd
> heard of before. But it looks mostly interesting to OpenBSD. Why? Because
> OpenBSD has more sane controls on the X Server than Linux, and so the fact
> that it can elevate privileges is worrisome. Since on Linux it (often) runs
> with superuser privileges anyhow, this attack isn't the main problem...
>
> Their exploit *does* show that mmap of the video ram, combined with the
> ability to access IO port 0xB2 is enough for a root exploit... I don't know
> if fbdev is restrictive enough to prevent this - OBSD have obviously tried to
> minimise X11's privileges and still found it circumventable.
>
> Nevertheless, Xen offers confinement. Also, as Keir pointed out, there are
> stricter restrictions on what even dom0 can do (and these can be made even
> more strict).
>
> Cheers,
> Mark

If it turns out that Xen has the capability to prevent this exploit in
virtualized operating systems, that capability could become a big inducement
to use Xen all the time - certainly in my case.

--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel