|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] domU to dom0 security
> I am considering using XEN to host "virtual dedicated servers" for a
> few of my clients. Are there any security issues that would allow domU
> (guestOS) admins access to dom0
No the aim is for domUs to have no more power to abuse dom0 than a separate
physical machine would (i.e. they'd have to use some sort of network based
attack, just like another machine would).
> or global xend commands by default?
I think the current default is to accept Xend commands anywhere (!). You can
restrict this to only allow commands from localhost (i.e. from users local to
dom0). This is a bit better, as long as you trust your dom0 users.
You'll probably want to use some firewall rules in dom0 to isolate the Xend
and Xfrd services appropriately.
Cheers,
Mark
> If
> so, is there anything I can do to lock it down so that only dom0 users
> (root) would have access to dom0 and the xend commands?
>
> Thanks,
> Brian
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
> Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
> Embedded(r) & Windows Mobile(tm) platforms, applications & content.
> Register by 3/29 & save $300
> http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/xen-devel
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
|
|
|
|