
Re: [Xen-users] How to crash nics and hosts

On Friday 05 August 2005 11:10, Andreas Seuss wrote:

> >Maybe someone finds a way to abuse such behaviour? Does it pose a
> >possible security threat or can this issue just be disregarded?

Well, domains with hardware access can't really be made secure, and IIRC the 
documentation also says so.

Just imagine a busmaster-capable PCI device:
the domU with access to it could instruct it to overwrite arbitrary memory 
locations, even inside the hypervisor.

So unless the hypervisor traps ALL hardware accesses, and checks them for 
validity (which would require Xen to know everything about all hardware to be 
used, ...) before executing, a malicious domain with hardware access can 
always crash the system...

That approach would be rather slow (about the speed of completely emulated 
hardware I'd suppose), so just exporting virtual devices from a driver domain 
is way easier (and probably much faster) if you need protection from 
malicious domUs.

Maybe the hardware support for virtualization in the next generation CPUs will 
provide a solution there...
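
The following toy model is an added illustration and not part of the original post or of Xen's code. It contrasts the CPU path, which the hypervisor validates, with the bus-master path the post describes. The page layout, function names and the per-device remapping check (a stand-in for the hardware support the post hopes for) are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy layout: 8 machine pages, each with one owner. */
enum owner { HYPERVISOR, DOM0, DOMU };
#define NPAGES 8
static const enum owner page_owner[NPAGES] = {
    HYPERVISOR, HYPERVISOR, DOM0, DOM0, DOMU, DOMU, DOMU, DOMU
};
static unsigned char ram[NPAGES];

void reset_ram(void) { memset(ram, 0, sizeof ram); }

/* CPU path: the hypervisor validates a guest's mappings, so a domain
 * can only store to pages it owns. */
int cpu_write(enum owner dom, int page, unsigned char v) {
    if (page < 0 || page >= NPAGES || page_owner[page] != dom) return -1;
    ram[page] = v;
    return 0;
}

/* Bus-master path, no remapping: the device writes to whatever machine
 * address its driver programmed. Nothing checks ownership. */
int dma_write_direct(int page, unsigned char v) {
    if (page < 0 || page >= NPAGES) return -1;
    ram[page] = v;
    return 0;
}

/* Bus-master path behind a hypothetical remapping unit: the transfer is
 * allowed only into pages owned by the domain the device is assigned to. */
int dma_write_remapped(enum owner assigned_to, int page, unsigned char v) {
    if (page < 0 || page >= NPAGES || page_owner[page] != assigned_to) return -1;
    ram[page] = v;
    return 0;
}

int main(void) {
    reset_ram();
    printf("domU CPU store to hypervisor page 0: %d\n", cpu_write(DOMU, 0, 0xAA));
    printf("domU device DMA to page 0, direct:   %d (ram[0]=0x%02X)\n",
           dma_write_direct(0, 0xAA), ram[0]);
    reset_ram();
    printf("same DMA behind remapping unit:      %d (ram[0]=0x%02X)\n",
           dma_write_remapped(DOMU, 0, 0xAA), ram[0]);
    return 0;
}
```
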

