Xen project Mailing List

Re: [Xen-users] Should applications be running on Dom0

To: Nathan Eisenberg <nathan@xxxxxxxxxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx

From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>

Date: Tue, 17 Aug 2010 20:55:28 +0100

Cc:

Delivery-date: Tue, 17 Aug 2010 12:56:47 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi Nathan,

Well, the bottom line is that if there is nothing running then there is nothing to hack.

Xen is a very secure hypervisor. Infact, there are no known open exploits. So, "breaking out" of a guest is extremely unlikely. It's all about reducing your chances and determining what risks are acceptable to you. The only way to be 100% safe and secure is to not own any servers at all - but then many of us would be out of jobs!

So, to answer your question, there isn't a specific example I can give - it's all about reducing risk.

On 17/08/10 20:47, Nathan Eisenberg wrote:

I hear this often, but I have yet to hear a satisfactory and technical explanation as to why. I’m not sure I agree that it is true.

Why is this the case?

-Nathan

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jonathan Tripathy
Sent: Tuesday, August 17, 2010 12:35 PM
To: Brent Bolin; Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Should applications be running on Dom0

Depends on what your Xen setup is being used for.

If it's strictly lab/testing/internal things, then it really doesn't matter

If you're hosting stuff to the outside world, then the only thing that should be running on the Dom0 (apart from the Xen Guests), is iptables to firewall the guests.

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Brent Bolin
Sent: Tue 17/08/2010 20:27
To: Xen-users
Subject: [Xen-users] Should applications be running on Dom0

Or should Dom0 be lightweight with guest o/s's be doing that?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users