Xen project Mailing List

Re: [Xen-users] xen in hosting envoroment

From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>

Date: Sun, 03 Feb 2008 10:09:08 +0000

Delivery-date: Sun, 03 Feb 2008 02:05:32 -0800

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=ggDnDsKU9wOGPxTjF5UKg/PMwBiZ61i8cySmm8DrQsNMfrr2mICoVow6Tm0jolc0F/D06sBKBVrWgAqYJtkdTyj3xIWZxtH64/mxmh593Me9loZyecQDUGDwIJjcZdBzy858uIgypQE5DhP2pdkKqucOXK110p4erAmWaBmJr20=

List-id: Xen user discussion <xen-users.lists.xensource.com>

Azrul Rahim wrote:

Hi,

I am planning to offer a hosted xen server within my locality. My
question is, is there any security issue that I should be aware of. I
am currently letting user to choose which kernel they want to boot.

Is there any possibility, that with, say a recompiled kernel or kernel
module, a user can actually gain access to the Dom0?

Thank you

Azrul Rahim

That would be a *SERIOUS* bug, and if anyone knew of such, we'd be

reporting it pretty fast. There was a fascinating RHEL bug reported, in

the use of pygrub, because pygrub would read the grub contents from the

DomU at boot time and this created an interesting security risk for the

pygrub program itself.

A much bigger risk is the standard co-location risk of "these machines I

don't control are inside my network: how do I protect myself from them?".

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.