Xen project Mailing List

Re: [Xen-users] Need help

To: John Sherwood <jrs@xxxxxx>

From: Andrew Bobulsky <rulerof@xxxxxxxxx>

Date: Sat, 12 May 2012 16:53:15 -0400

Cc: xen-users@xxxxxxxxxxxxx, Omkar Kulkarni <om.kulkarni41@xxxxxxxxx>

Delivery-date: Sat, 12 May 2012 20:53:55 +0000

List-id: Xen user discussion <xen-users.lists.xen.org>

That reminds me of a summary of what the recent ESX source code leak implied. Something about getting the hypervisor to call VMEXIT with a buffer overrun to export a malicious payload up to ring -1; really whacky stuff (from my point of view :D). There was a /great/ thread on the list the last month, discussing potential security implications of pygrub, you can browse through it here: http://lists.xen.org/archives/html/xen-users/2012-04/msg00460.html That said, giving access to Dom0 from a DomU gives you control over the Dom0, and in essence the whole system. Don't let DomU access Dom0 unless you trust the DomU with control over the whole machine, and all the VMs running within it! Cheers, Andrew Bobulsky On Sat, May 12, 2012 at 4:41 PM, John Sherwood <jrs@xxxxxx> wrote: > If you control the dom0, you have full access to the domU; the dom0, as it > is controls the native hardware, could read or alter the memory and storage > of the domU with impunity. > > As for gaining dom0 access from a domU, it depends on how the machine is > configured. However, assuming you're referring to attacks are specific to > attacking a dom0 from a domU, there are no (to my knowledge) known current > exploits, but as a rule, these are based on exploiting virtualized devices > (e.g., exploiting QEMU rather than Xen itself). > > On Sat, May 12, 2012 at 4:26 PM, Omkar Kulkarni <om.kulkarni41@xxxxxxxxx> > wrote: >> >> Is it possible to get dom0 access from domU? And if I have dom0 access, >> what are the threats to domU? Is it possible to simulate an attack on dom0 >> or domU? I need a urgent help, As my academic work I am working on it. >> >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@xxxxxxxxxxxxx >> http://lists.xen.org/xen-users >> > > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxx > http://lists.xen.org/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users

References:

[Xen-users] Need help
- From: Omkar Kulkarni
Re: [Xen-users] Need help
- From: John Sherwood

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.