WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Using Xen as a jail for malicious code

from [Mark Williamson] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Using Xen as a jail for malicious code
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sun, 23 Oct 2005 12:37:01 +0100
Cc: Rob Renaud <rrenaud@xxxxxxxxx>
Delivery-date: Sun, 23 Oct 2005 11:34:58 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <a5d9c4580510221804h1a6d0ad8wb395f66d49a09f49@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <a5d9c4580510221804h1a6d0ad8wb395f66d49a09f49@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.3 
> I am beginning to write some open source programming contest software
> (http://threec.berlios.de).  I am wondering if Xen would be a suitable
> jail for arbitrary and anonymous code submitted for the judging
> software.

That's what it was originally created for: containment of arbitrary untrusted 
code submitted to a Xenoserver (Xenoservers project described: 
http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).

> I'd like to ensure that code can run for only a limited 
> time, use a limited amount of memory, and not have access to resources
> including the network and most of the judger's filesystem.

Yep, that's all doable.  You should obviously take precautions just in case 
somebody's code actively attempts to "break out" of it's domain but even that 
*shouldn't* be possible (we don't know of any way to do this, so if it was 
possible it'd be a high-priority bugfix...).

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] xensv web page displaying what it should, Jim Houchin
Next by Date:  [Xen-users] xen box borked?, mark foster
Previous by Thread:  [Xen-users] Using Xen as a jail for malicious code, Rob Renaud
Next by Thread:  Re: [Xen-users] Using Xen as a jail for malicious code, Florian Weimer
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy