[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Need help

To: xen-users@xxxxxxxxxxxxx
From: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Date: Sun, 13 May 2012 18:37:36 +0100
Delivery-date: Sun, 13 May 2012 17:39:16 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Omkar Kulkarni wrote:

I am a student of engineering from India. I am working on my singlelaptop only. As a part of my academic study I an working on xensecurity issues. In this study, I need to simulate a simple or anyattack to dom0 or domU like hijacking , or denial of service attacketc. I want to ask, how can i exploit domU or dom0 from domU. Isthere any procedure/steps/material to do that? I need an urgent help

Firstly, have a read of this (read the whole document, not just thebit this link takes you to) :

http://www.catb.org/~esr/faqs/smart-questions.html#urgent

Lack of planning on your part does not constitute an emergency on ours.

In other words, saying "I need urgent help" does not get you specialtreatment - you should have asked the questions earlier when itwasn't urgent.

In theory, since the hypervisor runs code from DomU, then it ispossible that if a flaw (bug) exists in the hypervisor then it couldbe used by malicious code to cause either a crash (denial of service)or code execution. As already mentioned, there are no known exploits- if there were then they would have been fixed.

A second attack vector might be via the boot process. If Dom0 isusing PyGrub to load and execute a kernel & initrd from the DomUfilesystem in order to start a DomU, then there is a theoretical riskthat a carefully crafted DomU filesystem could exploit a flaw in thefilesystem access libraries used by PyGrub. Again, non are knownabout.

Then there are things like USB/PCI/VGA passthrough where control oversystem resources is passed over to a guest. This implies an elevatedlevel of access to the hardware - and hence a risk of exploiting aflaw (which may in fact be a hardware flaw).

Lastly, I believe there are commands to send messages to the guest -eg a script in Dom0 can signal the guest to sync it's buffers out todisk. Again, there is the potential for flaws in that to allow acarefully crafted response to cause a crash or arbitrary codeexecution. But since the response is (I'm guessing) no more than asmall integer, I doubt that there is much scope there.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] Need help
  - From: Ian Campbell

References:
- [Xen-users] Need help
  - From: Omkar Kulkarni
- Re: [Xen-users] Need help
  - From: Ian Tobin
- Re: [Xen-users] Need help
  - From: Omkar Kulkarni

Prev by Date: Re: [Xen-users] Need help
Next by Date: Re: [Xen-users] gaming on multiple OS of the same machine?
Previous by thread: Re: [Xen-users] Need help
Next by thread: Re: [Xen-users] Need help
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.