[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Re: Re: Exploiting XEN


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Michelle Konzack <linux4michelle@xxxxxxxxxx>
  • Date: Tue, 27 Mar 2007 16:57:21 +0200
  • Delivery-date: Tue, 27 Mar 2007 07:59:27 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Organisation: Michelle's Selbstgebrautes

Am 2007-03-15 15:37:35, schrieb Kraska, Joe A (US SSA):
> > A more interesting question is what about underprivileged attempts on
> > dom-0 itself, i.e. non-root users?
> 
> *shrug*
> 
> I assume that local access implies probable total access. Facet count
> exposures and all that. For myself, I would never let an untrusted user
> onto dom0. EVER. Same with my ESX installations.

This is exactly what I am concrned about...

Info:  I run a Development Workstation which was running at least 5
installations of GNU/Linux:

   sda          Master system (which one was booted)
   sdd          Chroot Debian/Sid
   sde          Chroot Debian/Etch
   sdf          Chroot Debian/Sarge
   sdg          Chroot Debian/Woody

I was running 4 X server at once and the Master-System was only
accessible for Root/Administrator.

Now I have installed Xenm where sda is Dom0 and the others the DomU.
Which mean I run fully in Dom0 and get the X server from DomU since
I can not run the X window-system directly in the DomU and I have
done it with the Chroots.

Any suggestions?

Note: If I run the Develpoment Workstation alone it is no
      problem, but sometimes I have other peoples working
      on it which I only partialy trust.

Greetings
    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.pgp
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.