
RE: [Xen-users] Xen Security


  • To: "Vern Burke" <vburke@xxxxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
  • Date: Fri, 16 Jul 2010 14:32:31 +0100
  • Cc:
  • Delivery-date: Fri, 16 Jul 2010 06:35:14 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Acsk6Q8yYRrACSTCRIWSA0nzwiRZowAAkh52
  • Thread-topic: [Xen-users] Xen Security

As of now, is 3.4.3 free of known exploits? I understand what you are saying about 3.0.3 and 3.2.x as they have a couple of bad exploits...
 
Cheers


From: Vern Burke [mailto:vburke@xxxxxxxx]
Sent: Fri 16/07/2010 14:15
To: Jonathan Tripathy
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen Security

I'd keep it up to snuff, yes. I myself test ran each XCP release
candidate and then upgraded to the final 0.5.0 release within 24 hours of
each becoming available.

I really shudder to see people recommending running old 3.0.3 and 3.2.x
releases because that's what happens to get thrown in with the
particular Linux distribution. I think it's bad news.

Vern Burke

SwiftWater Telecom
http://www.swiftwatertel.com
Xen Cloud Control System
http://www.xencloudcontrol.com

On 7/16/2010 7:59 AM, Jonathan Tripathy wrote:
> Thanks Vern,
> I can indeed keep my VMs up to date, however the customers will be in
> charge of their VMs so I can't upgrade theirs, however I think this is a
> moot point as they will have root access anyway.
> I should probably upgrade my Xen 3.4.2 to 3.4.3 then?
> Thanks
>
> ------------------------------------------------------------------------
> *From:* Vern Burke [mailto:vburke@xxxxxxxx]
> *Sent:* Fri 16/07/2010 12:25
> *To:* Jonathan Tripathy; xen-users-bounces@xxxxxxxxxxxxxxxxxxx;
> Xen-users@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Xen-users] Xen Security
>
> I did NOT say that. Like much of the current discussion about cloud
> security, it comes down to degree of likelihood. You are FAR more likely to
> have a VM hacked directly as the result of lousy system admin practices
> than you are some remote theoretical possibility of someone breaching
> the hypervisor.
>
> In my opinion, unless you're storing nuclear launch codes, keep the
> cloud/hypervisor up to date, keep the guest OS up to date, and follow
> system admin best practices and the chances of being hacked are
> vanishingly small.
>
> Vern
>
> Vern Burke, SwiftWater Telecom, http://www.swiftwatertel.com
>
> -----Original Message-----
> From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
> Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> Date: Fri, 16 Jul 2010 08:05:43
> To: Vern Burke<vburke@xxxxxxxx>; <Xen-users@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Xen-users] Xen Security
>
> Hi Vern,
>
> So you think I should just set up my networking properly and forget
> about the rest? Do you feel it ok to share the same Xen host with
> internal VMs with public VMs?
>
> Thanks
>
>
> On 16/07/10 02:10, Vern Burke wrote:
>  > I have no idea how you could actually PROVE that there's no possible
>  > way someone could break out of a dom U into the dom 0. As I've written
>  > before, since Xen is out and about in such a large way (being the
>  > underpinning of Amazon EC2) that if there was a major risk of this,
>  > we'd have seen it happen already.
>  >
>  > Vern Burke
>  >
>  > SwiftWater Telecom
>  > http://www.swiftwatertel.com
>  > ISP/CLEC Engineering Services
>  > Data Center Services
>  > Remote Backup Services
>  >
>  > On 7/15/2010 7:07 PM, Jonathan Tripathy wrote:
>  >>
>  >> On 15/07/10 23:49, Jonathan Tripathy wrote:
>  >>> Hi Everyone,
>  >>>
>  >>> My Xen host currently runs DomUs which contain some very sensitive
>  >>> information, used by our company. I wish to use the same server to
>  >>> host some VMs for some customers. If we assume that networking is set
>  >>> up securely, are there any other risks that I should worry about?
>  >>>
>  >>> Is Xen secure regarding "breaking out" of the VM?
>  >>>
>  >>> Thanks
>  >>>
>  >>> _______________________________________________
>  >>> Xen-users mailing list
>  >>> Xen-users@xxxxxxxxxxxxxxxxxxx
>  >>> http://lists.xensource.com/xen-users
>  >>
>  >> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way.
>  >>
>  >>
>
