WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

RE: [Xen-users] Xen Security

To: "Simon Hobson" <linux@xxxxxxxxxxxxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Xen Security
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Fri, 16 Jul 2010 09:32:04 +0100

 

Jonathan Tripathy wrote:

>Can you please explain to me some of these "side channel attacks"?

At some points, the guest and host are communicating, not to mention
that for a lot of the time, the guest is using the processor. If
there is a bug in Xen somewhere, then it's conceivable that the guest
could exploit this in several ways.

One is simply to subvert the communications between the guest and the
host - things like buffer overflows, code injection, etc. that could
be used to manipulate the host into doing something that it's not
supposed to. If a guest can somehow get control of the host then all
security is out of the window since the host has "super god" access
to everything on the machine.

If the guest can somehow subvert the security settings in the
processor then it could break out of its virtual processor jail and
have access to the whole machine. Once again, if that happens, then
all your security goes out of the window.

Personally I don't think the risks are high, but these are complex
systems running complex code. Even the "big boys" can get things
wrong - remember the Pentium floating point bug that slipped through
all Intel's testing?


>I've never heard of "storage reuse" before?

You have some storage used for task A. Task A is no longer required
and you destroy it. You now have a need for Task B and allocate it
some storage. Unless you fully wipe the space, then the storage
allocated to Task B may contain data previously used by Task A. This
isn't Xen specific, the same thing happens if you reuse any storage
in any form without sanitising it first.

--
Simon Hobson

-----------------------------------------------------------------------------------------------------------------------------------

Hi Simon,

Regarding storage "reuse", I'm guessing the best thing that I can do is zero an LV (dd if=/dev/zero of=/dev/vg/lvx) before assigning it to a public VM?

Regarding the other things, are there any unpatched known exploits in Xen? I believe that the lady that made the "Blue Pill" found one, but I think that was patched? Is there anything I can do? Or should I just relax?

It's funny that when I was using VMware ESXi, I (and many others) were happy to mix internal and public VMs on the same machine, all because it was backed by a big company. I'm guessing the same risks apply to Xen as they do VMware?

Thanks


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
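
The wipe-before-reuse step discussed in this thread, as an added example that is not part of the original emails: it zero-fills a volume without changing its size, then reads it back to confirm nothing from the previous user survives. The function names are hypothetical, and in the constructed demo a regular file stands in for the LV.

```shell
#!/bin/sh
# Added example: zero a volume and verify the wipe before handing it to a new guest.
# Accepts a block device (such as an LVM LV) or, for offline testing, a regular file.

# Print the size of the volume in bytes.
volume_size() (
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
)

# Overwrite every byte with zeros; conv=notrunc keeps a file-backed volume's size.
wipe_volume() (
    size=$(volume_size "$1") || exit 1
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null || exit 1
    sync
)

# Succeed only if the whole volume reads back as zeros.
is_zeroed() (
    size=$(volume_size "$1") || exit 1
    head -c "$size" /dev/zero | cmp -s - "$1"
)

# Wipe, then verify; a failed or partial wipe makes this return non-zero.
prepare_for_reuse() {
    wipe_volume "$1" && is_zeroed "$1"
}

# Constructed demo: a 1 MiB file plays the LV that "Task A" used and released.
demo() (
    vol=$(mktemp) || exit 1
    trap 'rm -f "$vol"' EXIT
    head -c 1048576 /dev/zero > "$vol"
    # Constructed leftover data from Task A, written in the middle of the volume.
    printf 'task-A-secret' | dd of="$vol" bs=1 seek=4096 conv=notrunc 2>/dev/null
    grep -aq 'task-A-secret' "$vol" || exit 1   # the next user could read this
    is_zeroed "$vol" && exit 1                   # so the check must reject the volume
    prepare_for_reuse "$vol" || exit 1
    ! grep -aq 'task-A-secret' "$vol"            # gone after the verified wipe
)
```

Call `prepare_for_reuse` on the LV path before attaching it to the new VM, and treat a non-zero exit status as "do not assign".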