WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

RE: [Xen-users] Re: malicious paravirtualized guests: security andisolat

To: "Vasiliy Baranov" <vasiliy.baranov@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Wed, 12 Nov 2008 13:21:36 +1100
Cc:
Delivery-date: Tue, 11 Nov 2008 18:22:17 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <e4a2b0250811060515y6a898342u372768672e7365a@xxxxxxxxxxxxxx> <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclECuc9AHZLMRn1TGaOjL+RFUKKCwAYgsFA
Thread-topic: [Xen-users] Re: malicious paravirtualized guests: security andisolation
> Hi,
>
> I have a question about isolation and security guarantees Xen
> provides, if any, in cases when domU guests are not completely trusted,
> that is, can be malicious. Right now I am specifically interested in the
> scenario where all guests are paravirtualized, but the HVM case is of some
> interest too.
>
> Say, I want to let my users run their own guests on a Xen host that
> I own. Users will bring their own disk images. I don't completely trust my
> users. Does the use of Xen guarantee that malicious guests will be unable
> to harm other guests or the entire host in any way (for example, kill the
> entire host)? It is interesting to know both what is guaranteed in theory
> (that is, if Xen and dom0 work as designed) and how things go in practice.
>
> If I disallow users from using their kernels, that is, if I run guests
> with my own kernel(s) only, will that improve the situation? How about
> loadable kernel modules? If I allow Linux guests to load their custom
> kernel modules, will that nullify the effect of using trusted kernels?
>
> I currently use Xen 3.1.4, if that matters.
>

When developing the Windows GPLPV drivers I crashed my Dom0 (and
therefore all DomUs) on a few occasions. That was under 3.0.3, 3.0.4,
and possibly some early 3.1.x versions of Xen. As crashing was the exact
opposite of what I was trying to do, I didn't pursue it, but obviously
it has been possible in the past to cause a crash by doing something
wrong in the PV side of things.

Is there a limit on the amount of data you can write to the xenstore?
Overflowing some limit in xenstore could be one method of causing a
crash.

James
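The xenstore concern above is a resource-exhaustion question: xenstore lives in dom0, so a domU that can write unbounded state into it can starve the whole host. The mitigation is a per-domain quota on what an unprivileged domain may own. The following is an added example, not code from this thread or from Xen/xenstored: a toy model of such a quota policy (entry count, per-entry size, total bytes, ownership of keys) with a flood routine that shows how a misbehaving guest is cut off while other domains are unaffected. The limit values, the path layout and the exemption of domain 0 are assumptions made for the example.

```python
"""
Toy model of per-domain xenstore write quotas.

Constructed example, NOT Xen or xenstored code. It models the policy that
bounds how much state an untrusted domU can push into the store, so that
one guest cannot exhaust dom0 memory by flooding xenstore with writes.
"""
from dataclasses import dataclass, field

DOM0 = 0  # assumption of this model: the privileged domain is not quota-limited


class QuotaExceeded(Exception):
    """Raised when a write would push a domain over one of its limits."""


@dataclass(frozen=True)
class Quota:
    # Placeholder limits chosen for the example, not Xen's defaults.
    max_entries: int = 100            # keys a domain may own
    max_entry_size: int = 1024        # bytes in a single value
    max_total_bytes: int = 32 * 1024  # bytes summed over all the domain's values


@dataclass
class XenstoreModel:
    quota: Quota = field(default_factory=Quota)
    # path -> (owner domid, value)
    _store: dict = field(default_factory=dict)

    def usage(self, domid):
        """Return (entry_count, total_bytes) currently owned by domid."""
        owned = [v for (owner, v) in self._store.values() if owner == domid]
        return len(owned), sum(len(v) for v in owned)

    def write(self, domid, path, value):
        """Store value at path on behalf of domid, enforcing ownership and quota."""
        existing = self._store.get(path)
        if existing is not None and existing[0] != domid:
            # A guest may not overwrite keys owned by another domain.
            raise PermissionError(f"dom{domid} does not own {path}")
        if domid != DOM0:
            q = self.quota
            if len(value) > q.max_entry_size:
                raise QuotaExceeded("entry too large")
            entries, total = self.usage(domid)
            old_len = len(existing[1]) if existing is not None else 0
            new_entries = entries + (0 if existing is not None else 1)
            new_total = total - old_len + len(value)
            if new_entries > q.max_entries:
                raise QuotaExceeded("too many entries")
            if new_total > q.max_total_bytes:
                raise QuotaExceeded("total size exceeded")
        self._store[path] = (domid, value)

    def rm(self, domid, path):
        """Remove a key; only its owner may do so."""
        owner, _ = self._store[path]
        if owner != domid:
            raise PermissionError(f"dom{domid} does not own {path}")
        del self._store[path]


def flood(store, domid, count, size):
    """Attempt `count` writes of `size` bytes each; return (accepted, rejected)."""
    accepted = rejected = 0
    for i in range(count):
        try:
            store.write(domid, f"/local/domain/{domid}/data/k{i}", b"A" * size)
            accepted += 1
        except QuotaExceeded:
            rejected += 1
    return accepted, rejected


def demo():
    """Run the scenario with constructed domains and return the observed outcomes."""
    store = XenstoreModel()  # default Quota: 100 entries, 1 KiB each, 32 KiB total
    results = {}
    # dom7 floods the store: 500 writes of 512 bytes, only 64 fit in 32 KiB
    results["flood_dom7"] = flood(store, 7, 500, 512)
    results["usage_dom7"] = store.usage(7)
    # dom8 is unaffected by dom7's exhausted quota
    results["flood_dom8"] = flood(store, 8, 10, 100)
    # a single oversized value is refused regardless of remaining budget
    try:
        store.write(8, "/local/domain/8/data/big", b"B" * 4096)
        results["oversize"] = "accepted"
    except QuotaExceeded as exc:
        results["oversize"] = str(exc)
    # dom8 may not clobber dom7's keys
    try:
        store.write(8, "/local/domain/7/data/k0", b"hijack")
        results["cross_domain"] = "accepted"
    except PermissionError:
        results["cross_domain"] = "denied"
    # dom0 is exempt from the quota in this model
    results["flood_dom0"] = flood(store, 0, 500, 512)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the model is the accounting in `write`: the check is made against the domain's projected usage after the write, overwrites are charged only for the size difference, and a domain can never be charged for keys it does not own, so one guest's flood cannot consume another guest's budget. A real deployment would also cap the number of watches and open transactions per domain, since those are held in dom0 memory as well.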

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users