|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Live Migration Config
> It's actually a huge security hole since a migrating domU carries its > device mappings to the target machine. Basically, you could create domU, > map one of its disks to say /dev/hdb, migrate it to a target machine and > gain access to /dev/hdb on the target. Same goes for any file used as a > disk on the source/target dom0. Yeah OK, it's horrid actually :-) Xend trusts anything the incoming config tells it... Could get nasty very quickly from both security and DoS perspectives. > Minimally, Xen should implement a simple hosts.allow hosts.deny mechanism > for migration so that a host can limit which other hosts can migrate in. > Relying on network isolation using a separate management network isn't > always practical. True... But it only really works if you're reasonably sure attackers can't get root on any system. If you have virtual machines that could have been rooted by someone malicious they can still spoof IP addresses, sniff the contents of other domUs that are currently being migrated, etc. At least using a separate virtual lan would be nice, but there should still be more support in Xend for a sanely secure mixed network. It'll come, eventually... Cheers, Mark _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |