Jonathan Tripathy wrote:
>Can you please explain to me some of these "side channel attacks"?

At some points, the guest and host are communicating, not to mention
that for a lot of the time, the guest is using the processor. If
there is a bug in Xen somewhere, then it's conceivable that the guest
could exploit this in several ways.

One is simply to subvert the communications between the guest and the
host - things like buffer overflows, code injection, etc. that could
be used to manipulate the host into doing something that it's not
supposed to. If a guest can somehow get control of the host then all
security is out of the window since the host has "super god" access
to everything on the machine.

If the guest can somehow subvert the security settings in the
processor then it could break out of its virtual processor jail and
have access to the whole machine. Once again, if that happens, then
all your security goes out of the window.

Personally I don't think the risks are high, but these are complex
systems running complex code. Even the "big boys" can get things
wrong - remember the Pentium floating point bug that slipped through
all Intel's testing?

>I've never heard of "storage reuse" before?

You have some storage used for task A. Task A is no longer required
and you destroy it. You now have a need for Task B and allocate it
some storage. Unless you fully wipe the space, then the storage
allocated to Task B may contain data previously used by Task A. This
isn't Xen specific, the same thing happens if you reuse any storage
in any form without sanitising it first.

--
Simon Hobson
-----------------------------------------------------------------------------------------------------------------------------------
Hi Simon,

Regarding storage "reuse", I'm guessing the best thing that I can do
is zero an LV (dd if=/dev/zero of=/dev/vg/lvx) before assigning it to
a public VM?

Regarding the other things, are there any unpatched known exploits in
Xen? I believe that the lady that made the "Blue Pill" found one, but
I think that was patched? Is there anything I can do? Or should I just
relax?

It's funny that when I was using VMware ESXi, I (and many others) were
happy to mix internal and public VMs on the same machine, all because
it was backed by a big company. I'm guessing the same risks apply to
Xen as they do VMware?
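
Added example (not part of either message above): the storage-reuse leak and the dd zeroing step discussed in the thread, demonstrated on a scratch file that stands in for the LV so it runs without root or LVM. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a regular file stands in for the logical volume.
# On a real host the target would be the LV device node named in the
# thread, and dd would simply run until it reaches the end of the device.

# Succeeds only if every byte of the target is zero.
is_zeroed() {
    [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]
}

# Overwrite the whole target with zeros, keeping its size unchanged.
# Assumes the size is a multiple of 4096 bytes (true for the demo volume).
wipe_volume() {
    size=$(wc -c < "$1")
    dd if=/dev/zero of="$1" bs=4096 count=$((size / 4096)) \
        conv=notrunc 2>/dev/null
}

# Walk through the reuse scenario and report "<before wipe> <after wipe>".
demo_storage_reuse() {
    vol=$(mktemp) || return 1

    # "Allocate" a 64 KiB volume to task A, which writes some data to it.
    dd if=/dev/zero of="$vol" bs=4096 count=16 2>/dev/null
    printf 'tenantA-secret (constructed sample data)' |
        dd of="$vol" bs=1 seek=8192 conv=notrunc 2>/dev/null

    # Task A is destroyed and the same blocks are handed to task B.
    # Nothing has cleared them, so task B can read task A's data.
    if grep -q 'tenantA-secret' "$vol"; then before=leaked; else before=clean; fi

    # Zero the volume before reassigning it, then verify the result
    # instead of trusting dd's exit status alone.
    wipe_volume "$vol"
    if is_zeroed "$vol" && ! grep -q 'tenantA-secret' "$vol"; then
        after=clean
    else
        after=leaked
    fi

    rm -f "$vol"
    echo "$before $after"
}

demo_storage_reuse   # prints: leaked clean
```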