[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XCP: Insecure Distro ?

On May 9, 2011, at 6:29 PM, Adrien Guillon wrote:

Security updates are common, and generally do not make major interface
changes by design.  I have no desire to update anything aside from
receiving fixes for buffer overflows, or other exploits that are found
in the wild.  The system in question should be in production for
several years, and security patches are inevitable during that period
of time.

In Xen's case I will have to disagree. If you're trying to build an HA cluster, you need to make sure all your nodes have precisely the same dom0 if you want things like live migration to work properly.

Besides disrupting one single system, problems caused by updates could potentially harm the entire pool (how do you update all dom0 nodes to the same software version at the same time and make sure nothing will try to be "live migrated" from one node to another in the meanwhile?)

The concern about buffer overflows is intrinsically related to security, which is the next topic...

It likely took some effort to eliminate /etc/shadow in the first
place, as this has been standard practice for a very long time.  I
will not debate the merits of storing hashes in /etc/passwd or
/etc/shadow because that debate ended a very long time ago.  Quite
simply this distro has a major security flaw.

As others have pointed out, dom0 is not supposed to be accessed by anybody other than root. I would go further and say it's not supposed to be accessed over any public network, such as the Internet or the wifi network you'd find in a Starbucks.

I believe the main idea is that you should isolate dom0 from the world in all possible ways, so no matter what security flaws it might have, they will never be exploited.

Maybe they should make it explicit like: you should always run dom0 on a private network, controlled and secured by VPNs or any other methods.

Best regads,
Eduardo Bragatto

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.