Re: [Xen-users] Running workstation and firewall on the same hardware

[Michal Ludvig <michal@xxxxxxxx>]

Mark Williamson wrote:

>>From what you wrote it seems that allowing 
>>domU access to the hardware is more risky than passing all packets to
>>domU through dom0.
> 
> Depends...  I guess if you trust that nothing can compromise the path in dom0 
> from eth0 to the domU's virtual ethernet then this is actually the case.  As 
> Goetz pointed out, though, it'd require a reasonably sophisticated attacker 
> to break out of a domain using DMA.

My paranoid mind tells me that if it is at all possible someone will do
it. Sooner or later.

> Bear in mind that if you're not running any services in the firewall domU, 
> the 
> only way it could get compromised is by a network-stack attack.  It still 
> fulfills the goal of protecting your bloatware (your words!) from the 
> internet...

Bloatware? Ah, you mean the GSM thing I mentioned some time ago. No no,
that was a different system. Actually I really like Xen and already
built 3 servers running it in production. Some more are in the queue.
Thanks for your great work, BTW! :-)

The server I'm now talking about is running one domain in the DMZ with
web/mail/DNS server and a dedicated NIC. I think I'll rework the setup a
little bit and will pass all data through dom0. Two eth bridges each
attached to one NIC and two domains each attached to one bridge. No
services will run in dom0.

> If a domain has a DMA capable card a sophisticated attacker can theoretically 
> own the whole machine - there is no sensible way to control DMAs on current 
> hardware.  I should point out nobody has ever done this but it is possible.

This wording will definitely sound like a challenge to someone ;-)

Michal Ludvig
-- 
* Personal homepage: http://www.logix.cz/michal

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users