[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] If a DomU was compramised..

  • To: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
  • Date: Thu, 20 May 2010 22:23:53 +1000
  • Cc:
  • Delivery-date: Thu, 20 May 2010 05:27:20 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Acr4FZ78j8DEJe8XQfuONuMiTQYJSQAANMNA
  • Thread-topic: [Xen-users] If a DomU was compramised..
> 
> If a DomU was compramised, could the Dom0 or other DomUs be
compramised?
> 
> I guess I'm trying to work out how much isolated Xen gives..
> 

Not by design, but there is always the possibility that an errant DomU
could exploit a bug and compromise the hypervisor or Dom0 that way.

But depending on what your DomU does, it may be trusted by other servers
on your network so it's obviously never a good thing, but that's not
really anything to do with Xen.

In writing PV drivers for Windows I have caused complete system crashes
before, which means it is (or at least was) possible to crash the whole
system from a DomU. That was over a year ago and I never followed up
exactly what caused the problem other than to fix the bug in my driver.

I'd be interested to hear about what sort of analysis has been done on
this subject... do any papers exist?

James


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.