|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Re: Exploiting XEN
Petersson, Mats wrote: I guess that's a fair comment too. Dom0 is a large part of a Xen environment, and if Dom0 is compromised, then Xen can't really do that much to prevent the system from being crashed, subverted or other malicious acts. But I believe Xen itself is "safe" from Dom0 being compromised It's not. Dom0 (or any IO domain) has direct access to DMA controllers. It can use DMA to overwrite the hypervisor's memory with arbitrary data. It would be rather trivial for dom0 to escalate itself to ring 0 by simply locating the IDT, writing a new IDT to disk, and then doing a DMA read operation with the physical address of the IDT's. Regards, Anthony Liguori - but it's moot point, as Xen on it's own is about as useful as a chocalte teapot.But Xen isn't really the "culprit" in this scenario - it's the same scenario for Linux (or whatever other OS we care to choose) without a hypervisor. -- MatsDan. --|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |