[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Using Xen as a jail for malicious code

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sun, 23 Oct 2005 12:37:01 +0100
Cc: Rob Renaud <rrenaud@xxxxxxxxx>
Delivery-date: Sun, 23 Oct 2005 11:34:58 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

> I am beginning to write some open source programming contest software
> (http://threec.berlios.de).  I am wondering if Xen would be a suitable
> jail for arbitrary and anonymous code submitted for the judging
> software.

That's what it was originally created for: containment of arbitrary untrusted 
code submitted to a Xenoserver (Xenoservers project described: 
http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).

> I'd like to ensure that code can run for only a limited 
> time, use a limited amount of memory, and not have access to resources
> including the network and most of the judger's filesystem.

Yep, that's all doable.  You should obviously take precautions just in case 
somebody's code actively attempts to "break out" of it's domain but even that 
*shouldn't* be possible (we don't know of any way to do this, so if it was 
possible it'd be a high-priority bugfix...).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Using Xen as a jail for malicious code
  - From: Florian Weimer

References:
- [Xen-users] Using Xen as a jail for malicious code
  - From: Rob Renaud

Prev by Date: [Xen-users] xensv web page displaying what it should
Next by Date: [Xen-users] xen box borked?
Previous by thread: [Xen-users] Using Xen as a jail for malicious code
Next by thread: Re: [Xen-users] Using Xen as a jail for malicious code
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.