This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

On Fri, 2005-03-04 at 13:35, Adam Heath wrote:

> Once the xen packages are accepted out of debian's incoming queue, I can be
> assured of having this bug filed, and it being tagged security.  It *is* a
> problem.  Saying it wasn't designed with this in mind doesn't make it a
> non-issue.

I'm not saying it's a non-issue :-)  It's one of the reasons I'm working
on VM-Tools.  Security is not something you can just retro-fit into
something.  It has to be designed in from the beginning.

That said, I don't think Xend not being secure on a hostile dom0 is a
bug per-say.  Really, having a hostile dom0 is putting an awful lot of
faith in the Linux syscall interface.

Remember, dom0 is a single point of failure.  If dom0 is compromised,
all of your VMs are.

We debated this previously with respect to boot loaders.  At the end of
the day, you just don't want any code running, no matter how restricted,
in dom0 that you don't trust.


Anthony Liguori
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguori@xxxxxxxxxx
Phone: (512) 838-1208

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Xen-devel mailing list