|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-devel] Security Implications of letting customers use theirown kernel
> > Hi Everyone, > > What are the security implications of letting customers install their > own kernel? > > In my own research, I have only seen things that would compromise their > own DomU. My main area on concern is to protect all the other DomUs. > > An area of potential concern is if someone were to build a kernel that > enabled "No Execute" or "Disable Execution", could that compromise other > DomUs? Or would that just leave their DomU vulnerable to running > malicious code? > > Anyone aware of anything else? > Anything that allows a DomU to compromise Dom0 is a serious security bug and should be reported and fixed. Once I get my hands on a proper test box I plan to do some testing on this as during development of GPLPV I have managed to crash Dom0 due to pre-release testing of buggy code. This probably hasn't happened since Xen 3.0.x though, which is ancient now, but I'd like to have some confidence that nothing I throw at Dom0 will break it. James _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |