WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] domU kernel

from [IDAGroup - R.W.Muller] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] domU kernel
From: "IDAGroup - R.W.Muller" <robin@xxxxxxxxxxx>
Date: Mon, 15 Oct 2007 16:10:55 -0400
Delivery-date: Mon, 15 Oct 2007 13:12:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20071015124900.GA574@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <470EF48A.5070601@xxxxxxxxxxx> <20071012045437.GA25878@xxxxxxxxxxxx> <4712B182.6050002@xxxxxxxxx> <4712B90F.8050103@xxxxxxxxxxx> <20071015124900.GA574@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
It's funny, my test installation just got hacked. I had a idiot password for domU and somebody uploaded a suKit 1.3
and I also found trace of adding a user (www) in dom0 and trying to change pathes with PATH=:.: plus doing an FTP
connection from dom0 (history of root in dom0, showed "ftp hackers.home.domain").
Ok I can confirm, that dom0 can be exposed to hacking by putting the kernel into domU.

Now the big question is: how can I install a Centos domU on Centos dom0 and have the kernel OUTSIDE domU ?

..and has already somebody installed xen-shell on Centos 5 dom0 ?

Thanks,
Robin



Christian Horn wrote: 
On Sun, Oct 14, 2007 at 08:49:19PM -0400, IDAGroup - R.W.Muller wrote:
  
Wow, if that is true then is CentOS making a big mistake.
    

Nah, they probably took the pros and cons into account and then made 
the same decision as suse did for SLES: put it all into the discfile.
Xen needs a bit more work than vmware, and this is a step to make the
handling of domUs simpler.

  
Steve Wray wrote:
    
You forgot the con.

cons: Security. You now have a domU in which a local exploit could 
result in code being executed in dom0 at the next boot of that domU. 
By the way, this actually happened. See CVE-2007-4993
      
Right, its a con. Just couldnt think of at the time of writing ;)


Christian

  
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Boot error with 2.6.23 domU, Michael Heyse
Next by Date:  Re: [Xen-users] SOlaris 10 HVM guest under rhel5 host, Christian Horn
Previous by Thread:  Re: [Xen-users] domU kernel, Christian Horn
Next by Thread:  Re: [Xen-users] domU kernel, Anand Gupta
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy