WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

RE: [Xen-users] Re: Re: Exploiting XEN

To: "Michelle Konzack" <linux4michelle@xxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Re: Re: Exploiting XEN
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Tue, 27 Mar 2007 17:20:30 +0200
 

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Michelle Konzack
> Sent: 27 March 2007 15:57
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Re: Re: Exploiting XEN
> 
> On 2007-03-15 15:37:35, Kraska, Joe A (US SSA) wrote:
> > > A more interesting question is what about underprivileged attempts on
> > > dom-0 itself, i.e. non-root users?
> > 
> > *shrug*
> > 
> > I assume that local access implies probable total access. Facet count
> > exposures and all that. For myself, I would never let an untrusted user
> > onto dom0. EVER. Same with my ESX installations.
> 
> This is exactly what I am concerned about...
> 
> Info:  I run a Development Workstation which was running at least 5
> installations of GNU/Linux:
> 
>    sda          Master system (which one was booted)
>    sdd          Chroot Debian/Sid
>    sde          Chroot Debian/Etch
>    sdf          Chroot Debian/Sarge
>    sdg          Chroot Debian/Woody
> 
> I was running 4 X servers at once and the Master-System was only
> accessible for Root/Administrator.
> 
> Now I have installed Xen, where sda is Dom0 and the others the DomU.
> Which means I run fully in Dom0 and get the X server from DomU since
> I can not run the X window-system directly in the DomU and I have
> done it with the Chroots.
> 
> Any suggestions?

If you're allowing others to "touch" your console, they can do anything
anyways [like boot from a CDROM and change the root password, for one
thing]. 

If you want others to use your guest-systems, then you can allow them to
SSH into the guest-system, and use their own console for X-windows (ssh
-X works for this - this is how I access my AMD-V machine, as my
"development" is my "console system" (I do have a KVM-switch, but it's
much easier to just access the AMD-V machine through the network)).

I'm sorry if I misunderstood your problem description, and you're
actually asking/suggesting something else here. 

--
Mats
> 
> Note: If I run the Development Workstation alone it is no
>       problem, but sometimes I have other people working
>       on it which I only partially trust.
> 
> Greetings
>     Michelle Konzack
>     Systemadministrator
>     Tamay Dogan Network
>     Debian GNU/Linux Consultant