Xen project Mailing List

Re: [Xen-users] Exploiting XEN

To: "Petersson, Mats" <Mats.Petersson@xxxxxxx>

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Date: Tue, 13 Mar 2007 15:43:26 +0000

Cc: Artur Baruchi <mail.baruchi@xxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 13 Mar 2007 08:42:46 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

On Tue, Mar 13, 2007 at 04:30:53PM +0100, Petersson, Mats wrote: > > -----Original Message----- > > From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx > > [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of > > Artur Baruchi > > Sent: 13 March 2007 14:43 > > To: Xen-users@xxxxxxxxxxxxxxxxxxx > > Subject: [Xen-users] Exploiting XEN > > > > Hi guys, > > > > Im making somes researchs about security in Virtual Machines, and does > > anybody knows, if exists a exploit or a rootkit for Xen? I would like > > to test it (if exist). > > Please take this the right way... If we assume one does exist, would you > send it to me, if I asked you? [particularly if my e-mail address was of > an "anonymous" origin like gmail?] - how do I know that the purpose you > are asking for is the purpose you are REALLY asking for, rather than for > example that you know someone's machine is Xen-based and you want to > break into it. This is a non-moderated mailing-list, anyone with an > e-mail account anywhere in the world (more or less) can sign up. > > I personally am not aware of any "rootkit" that relates to Xen. And more to the point, if any of the Xen developers did know of a "rootkit" you can be damn sure they'd be fixing whatever flaw made it possible, rather than passing it around for people to try out. > The Xen hypervisor is fairly small, and thus relatively easy to > understand and control against vulnerabilities. Since it's living > "outside" the host-OS that it controls, it's potentially less vulnerable > than those hypervisors that live within the host-OS. Nice in theory, but in practice you have to include Dom0 as (at this time) it has effectively unrestricted access to the hardware and is neccessarily trusted by every DomU that cards about disk or network I/O. While in theory Xen may allow a tighter security model, in the real-world deployments of Xen there's no better security from its arch of hypervisor outside the Dom0 OS, vs other virt systems which have the hypervisor as part of the Dom0. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.