WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] How secure is Dom0 from DomU

To: Thomas King <tking@xxxxxxxxxx>
Subject: Re: [Xen-users] How secure is Dom0 from DomU
From: thewird <thewird@xxxxxxxxx>
Date: Wed, 25 Jul 2007 08:39:39 -0400 (EDT)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 25 Jul 2007 05:37:25 -0700
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=3Ga4iGdC3gd4MSwyc4LmyJrgN2Zvrg0eIvGeiEuYNDFkoAcFEdZVAUJxVCQ/9bzuJI6clnqjXP/msV5NAr7PyfOydFBGN+Ygrm717fa3aXxP04jymDacnnkHizZFWxFa1DJQXjglDOx68BlZQ47canH8gApefvq8fhD2+wNRHmQ=;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <OF6D0D52D9.6BF42E16-ON85257323.0043C298-85257323.00453A94@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Reply-to: thewird@xxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
The DomU is an independent environment and cannot access other DomU's
or  the Dom0 regardless of the privaledges.

Marco Jorge

--- Thomas King <tking@xxxxxxxxxx> wrote:

> Hi,
> 
> I would like to understand the security implications between Dom0 and
> 
> DomU. 
> 
> Dom0 = openSUSE 10.2
> DomU = openSUSE 10.2 (paravirtualization)
> DomU = openSUSE 10.2 (full virtualization)
> DomU = WindowsXP (full virtualization)
> 
> If I must give out the DomU root (administrator) passwords, how
> secure is 
> the Dom0? Is there a difference in the security between Full and Para
> 
> virtualization? Can wrapping this in something like AppArmour resolve
> some 
> of the security issues (if there are any?) 
> 
> Thanks
> Thomas> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>