|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Is Xen affected by this x86 hardware security hole?
> > Nevertheless, Xen offers confinement. Also, as Keir pointed out, there > > are stricter restrictions on what even dom0 can do (and these can be made > > even more strict). > > > > Cheers, > > Mark > > If it turns out that Xen has the capability to prevent this exploit in > virtualized operating systems, that capability could become a big > inducement to use Xen all the time - certainly in my case. Well, I think Keir was meaning we could even prevent it in dom0. You could disable writes to SMRAM in a domU, in principle. The question would be whether there are legitimate uses that would be compromised by this. For a locked-down machine, perhaps not. I'm a bit fuzzy on the voodoo of SMM ;-) You could also (again, in principle) report attempted writes to this area of memory to the system administrator so you could detect a possible attack. Cheers, Mark -- Dave: Just a question. What use is a unicyle with no seat? And no pedals! Mark: To answer a question with a question: What use is a skateboard? Dave: Skateboards have wheels. Mark: My wheel has a wheel! _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |