WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Xen Security

To: Vern Burke <vburke@xxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen Security
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Fri, 16 Jul 2010 08:05:43 +0100
Cc:
Delivery-date: Fri, 16 Jul 2010 00:06:14 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C3FB19B.104@xxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4C3F905E.9030100@xxxxxxxxxxx> <4C3F94C3.5050207@xxxxxxxxxxx> <4C3FB19B.104@xxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
Hi Vern,

So you think I should just set up my networking properly and forget about the rest? Do you feel it ok to share the same Xen host with internal VMs with public VMs?

Thanks


On 16/07/10 02:10, Vern Burke wrote:
I have no idea how you could actually PROVE that there's no possible way someone could break out of a dom U into the dom 0. As I've written before, since Xen is out and about in such a large way (being the underpinning of Amazon EC2) that if there was a major risk of this, we'd have seen it happen already.

Vern Burke

SwiftWater Telecom
http://www.swiftwatertel.com
ISP/CLEC Engineering Services
Data Center Services
Remote Backup Services

On 7/15/2010 7:07 PM, Jonathan Tripathy wrote:

On 15/07/10 23:49, Jonathan Tripathy wrote:
Hi Everyone,

My Xen host currently run DomUs which contain some very sensitive
information, used by our company. I wish to use the same server to
host some VMs for some customers. If we assume that networking is set
up securely, are there any other risks that I should worry about?

Is Xen secure regarding "breaking out" of the VM?

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>