xen-users
RE: [Xen-users] Re: Re: Exploiting XEN
 
 
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Michelle Konzack
> Sent: 27 March 2007 15:57
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Re: Re: Exploiting XEN
> 
> On 2007-03-15 15:37:35, Kraska, Joe A (US SSA) wrote:
> > > A more interesting question is what about underprivileged attempts on
> > > dom-0 itself, i.e. non-root users?
> > 
> > *shrug*
> > 
> > I assume that local access implies probable total access. Facet count
> > exposures and all that. For myself, I would never let an untrusted user
> > onto dom0. EVER. Same with my ESX installations.
> 
> This is exactly what I am concerned about...
> 
> Info:  I run a Development Workstation which was running at least 5
> installations of GNU/Linux:
> 
>    sda          Master system (which one was booted)
>    sdd          Chroot Debian/Sid
>    sde          Chroot Debian/Etch
>    sdf          Chroot Debian/Sarge
>    sdg          Chroot Debian/Woody
> 
> I was running 4 X server at once and the Master-System was only
> accessible for Root/Administrator.
> 
> Now I have installed Xen, where sda is Dom0 and the others the DomU.
> Which means I run fully in Dom0 and get the X server from DomU since
> I can not run the X window-system directly in the DomU and I have
> done it with the Chroots.
> 
> Any suggestions?

If you're allowing others to "touch" your console, they can do anything
anyways [like boot from a CDROM and change the root password, for one
thing].

If you want others to use your guest-systems, then you can allow them to
SSH into the guest-system, and use their own console for X-windows (ssh
-X works for this - this is how I access my AMD-V machine, as my
"development" is my "console system" (I do have a KVM-switch, but it's
much easier to just access the AMD-V machine through the network)).

I'm sorry if I misunderstood your problem description, and you're
actually asking/suggesting something else here.

--
Mats
> 
> Note: If I run the Development Workstation alone it is no
>       problem, but sometimes I have other people working
>       on it which I only partially trust.
> 
> Greetings
>     Michelle Konzack
>     Systemadministrator
>     Tamay Dogan Network
>     Debian GNU/Linux Consultant
> 
> 
> -- 
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> ##################### Debian GNU/Linux Consultant #####################
> Michelle Konzack   Apt. 917                  ICQ #328449886
>                    50, rue de Soultz         MSN LinuxMichi
> 0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)
> 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
 