[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XCP: Insecure Distro ?

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Eduardo Bragatto <eduardo@xxxxxxxxxxxx>
Date: Mon, 9 May 2011 22:44:03 -0300
Delivery-date: Mon, 09 May 2011 18:44:54 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On May 9, 2011, at 6:29 PM, Adrien Guillon wrote:

Security updates are common, and generally do not make major interface
changes by design.  I have no desire to update anything aside from
receiving fixes for buffer overflows, or other exploits that are found
in the wild.  The system in question should be in production for
several years, and security patches are inevitable during that period
of time.

In Xen's case I will have to disagree. If you're trying to build an HAcluster, you need to make sure all your nodes have precisely the samedom0 if you want things like live migration to work properly.

Besides disrupting one single system, problems caused by updates couldpotentially harm the entire pool (how do you update all dom0 nodes tothe same software version at the same time and make sure nothing willtry to be "live migrated" from one node to another in the meanwhile?)

The concern about buffer overflows is intrinsically related tosecurity, which is the next topic...

It likely took some effort to eliminate /etc/shadow in the first
place, as this has been standard practice for a very long time.  I
will not debate the merits of storing hashes in /etc/passwd or
/etc/shadow because that debate ended a very long time ago.  Quite
simply this distro has a major security flaw.

As others have pointed out, dom0 is not supposed to be accessed byanybody other than root. I would go further and say it's not supposedto be accessed over any public network, such as the Internet or thewifi network you'd find in a Starbucks.

I believe the main idea is that you should isolate dom0 from the worldin all possible ways, so no matter what security flaws it might have,they will never be exploited.

Maybe they should make it explicit like: you should always run dom0 ona private network, controlled and secured by VPNs or any other methods.


Best regads,
Eduardo Bragatto

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] XCP: Insecure Distro ?
  - From: Joseph Glanville

References:
- [Xen-users] XCP: Insecure Distro ?
  - From: Adrien Guillon
- Re: [Xen-users] XCP: Insecure Distro ?
  - From: riki
- Re: [Xen-users] XCP: Insecure Distro ?
  - From: Adrien Guillon

Prev by Date: Re: [Xen-users] XCP: Insecure Distro ?
Next by Date: Re: [Xen-users] XCP: Insecure Distro ?
Previous by thread: Re: [Xen-users] XCP: Insecure Distro ?
Next by thread: Re: [Xen-users] XCP: Insecure Distro ?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.