
Re: [Xen-devel] Is Xen affected by this x86 hardware security hole?



On Tuesday 02 May 2006 10:46, Mark Williamson wrote:
> > Thanks for the responses.
> >
> > For those interested in the gory details of a proof-of-concept exploit,
> > it's all laid out in the 16-page pdf by Loic Duflot:
> >
> > http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
> 
> Ah, interesting.
> 
> It turns out this exploit is something new, in that it's not something I'd 
> heard of before.  But it looks mostly interesting to OpenBSD.  Why?  Because 
> OpenBSD has more sane controls on the X Server than Linux, and so the fact 
> that it can elevate privileges is worrisome.  Since on Linux it (often) runs 
> with superuser privileges anyhow, this attack isn't the main problem...
> 
> Their exploit *does* show that mmap of the video ram, combined with the 
> ability to access IO port 0xB2 is enough for a root exploit...  I don't know 
> if fbdev is restrictive enough to prevent this - OBSD have obviously tried to 
> minimise X11's privileges and still found it circumventable.
> 
> Nevertheless, Xen offers confinement.  Also, as Keir pointed out, there are 
> stricter restrictions on what even dom0 can do (and these can be made even 
> more strict).
> 
> Cheers,
> Mark

If it turns out that Xen has the capability to prevent this exploit in
virtualized operating systems, that capability could become a big
inducement to use Xen all the time - certainly in my case.

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

