This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Best way to use Xen to segment & protect

To: Nick Anderson <nick@xxxxxxxxxxxx>
Subject: Re: [Xen-users] Best way to use Xen to segment & protect
From: Rick Flower <rickf@xxxxxxxxxxxxx>
Date: Tue, 17 Feb 2009 13:29:29 -0800
Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 17 Feb 2009 13:32:24 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20090217205551.GI18265@tp>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <481F5E65-E562-413F-8D2C-5B1F698D6E66@xxxxxxxxxxxxx> <20090217205551.GI18265@tp>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Feb 17, 2009, at 12:55 PM, Nick Anderson <nick@xxxxxxxxxxxx> wrote:

On Tue, Feb 17, 2009 at 12:06:53PM -0800, Rick Flower wrote:
Hi all...
I'm a Xen newbie and was wondering about the merits of using Xen to
segment off my private data from the prying eyes & fingers of Apache/PHP hackers (something that bit me recently). If I create several DOM's --
one for Apache, 1 for mail, 1 for pgsql and 1 for my private data, is
that a good way to ensure that IF someone gets around Apache ( for
instance) that my private data will not be compromised? The server I've
got is a quad Xeon Proliant running FC6
-- Rick
It would make it just as secure as having it on a separate machine.
However if your dom0 was compromised there is nothing standing in the
way to compromise all domUs. Also if there are ever any domU root
escalation issues someone attacking through your webserver would be
able to escalate to dom0 and then have access to all of your virtual

Thanks for the info Nick... Regarding the root escalation mentioned above -- have there been issues with this in the past?

Also, I guess it would help to have the domU that Apache is using to have tools such as Tripwire and other related tools to keep thing from getting too far...

If you're in a domU, can you tell that it's a virtual server? If not then perhap it's less likely to break out and escalate to dom0...?

Is it possible to have a domU mount a different filesystem than dom0?

Sorry for the numerous questions...


-- Rick

Xen-users mailing list