[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XCP: Insecure Distro ?

  • To: Joseph Glanville <joseph.glanville@xxxxxxxxxxxxxx>
  • From: Christopher J Petrolino <cpetrolino@xxxxxxxxx>
  • Date: Mon, 9 May 2011 22:32:30 -0400
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 09 May 2011 19:33:49 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=qrcmFO1pAhofvFXuYp3PdFEse2OPKrNd9aix8gaZoVU2JWKxwlDVeW12NjMKMHwpKR epqFVG8Ker7F3Q/xR9CXhSgXeZV+0e4MYye3tI1OWJLaiopdbR6r5d7sb0mMdIaJN9Sr BaiolViq4SQL/uc0C85L9KzEM3+IzWBPH0W9k=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Joseph you are exactly right documentation is definitely in need of
work in the case of XCP. Fortunately for the community the person who
is spearheading the effort is a really bright individual and in the
long run the documentation will get there.

On Mon, May 9, 2011 at 10:24 PM, Joseph Glanville
<joseph.glanville@xxxxxxxxxxxxxx> wrote:
> Hi,
> The points highlighted don't represent security risks if the dom0 is
> properly isolated on a secure management network.
> Following that, the only attack vector then available is exploitation
> of the hypervisor from untrusted guests. At which point UNIX
> permissions aren't worth much.
> However, the fact someone was to bring up the points signifies there
> is a lack of communication as to how XCP and systems like it are meant
> to be employed. Possibly some further documentation on XCP best
> practices is in order?
> Joseph.
> On 10 May 2011 11:44, Eduardo Bragatto <eduardo@xxxxxxxxxxxx> wrote:
>> On May 9, 2011, at 6:29 PM, Adrien Guillon wrote:
>>> Security updates are common, and generally do not make major interface
>>> changes by design.  I have no desire to update anything aside from
>>> receiving fixes for buffer overflows, or other exploits that are found
>>> in the wild.  The system in question should be in production for
>>> several years, and security patches are inevitable during that period
>>> of time.
>> In Xen's case I will have to disagree. If you're trying to build an HA
>> cluster, you need to make sure all your nodes have precisely the same dom0
>> if you want things like live migration to work properly.
>> Besides disrupting one single system, problems caused by updates could
>> potentially harm the entire pool (how do you update all dom0 nodes to the
>> same software version at the same time and make sure nothing will try to be
>> "live migrated" from one node to another in the meanwhile?)
>> The concern about buffer overflows is intrinsically related to security,
>> which is the next topic...
>>> It likely took some effort to eliminate /etc/shadow in the first
>>> place, as this has been standard practice for a very long time.  I
>>> will not debate the merits of storing hashes in /etc/passwd or
>>> /etc/shadow because that debate ended a very long time ago.  Quite
>>> simply this distro has a major security flaw.
>> As others have pointed out, dom0 is not supposed to be accessed by anybody
>> other than root. I would go further and say it's not supposed to be accessed
>> over any public network, such as the Internet or the wifi network you'd find
>> in a Starbucks.
>> I believe the main idea is that you should isolate dom0 from the world in
>> all possible ways, so no matter what security flaws it might have, they will
>> never be exploited.
>> Maybe they should make it explicit like: you should always run dom0 on a
>> private network, controlled and secured by VPNs or any other methods.
>> Best regads,
>> Eduardo Bragatto
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
> --
> Kind regards,
> Joseph.
> Founder | Director
> Orion Virtualisation Solutions | www.orionvm.com.au | Phone: 1300 56
> 99 52 | Mobile: 0428 754 846
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.