Re: [Xen-users] Exploiting XEN
On Tue, Mar 13, 2007 at 04:30:53PM +0100, Petersson, Mats wrote:
> > -----Original Message-----
> > From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> > Artur Baruchi
> > Sent: 13 March 2007 14:43
> > To: Xen-users@xxxxxxxxxxxxxxxxxxx
> > Subject: [Xen-users] Exploiting XEN
> >
> > Hi guys,
> >
> > I'm making some research about security in Virtual Machines, and does
> > anybody know if there exists an exploit or a rootkit for Xen? I would like
> > to test it (if it exists).
>
> Please take this the right way... If we assume one does exist, would you
> send it to me, if I asked you? [particularly if my e-mail address was of
> an "anonymous" origin like gmail?] - how do I know that the purpose you
> are asking for is the purpose you are REALLY asking for, rather than for
> example that you know someone's machine is Xen-based and you want to
> break into it. This is a non-moderated mailing-list, anyone with an
> e-mail account anywhere in the world (more or less) can sign up.
>
> I personally am not aware of any "rootkit" that relates to Xen.

And more to the point, if any of the Xen developers did know of a "rootkit"
you can be damn sure they'd be fixing whatever flaw made it possible, rather
than passing it around for people to try out.

> The Xen hypervisor is fairly small, and thus relatively easy to
> understand and control against vulnerabilities. Since it's living
> "outside" the host-OS that it controls, it's potentially less vulnerable
> than those hypervisors that live within the host-OS.

Nice in theory, but in practice you have to include Dom0 as (at this time)
it has effectively unrestricted access to the hardware and is necessarily
trusted by every DomU that cares about disk or network I/O.

While in theory Xen may allow a tighter security model, in the real-world
deployments of Xen there's no better security from its arch of hypervisor
outside the Dom0 OS, vs other virt systems which have the hypervisor as
part of the Dom0.

Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users