This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-users] Re: malicious paravirtualized guests: security andisolat

To: "Vasiliy Baranov" <vasiliy.baranov@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Wed, 12 Nov 2008 13:21:36 +1100
Delivery-date: Tue, 11 Nov 2008 18:22:17 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
References: <e4a2b0250811060515y6a898342u372768672e7365a@xxxxxxxxxxxxxx> <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
Thread-topic: [Xen-users] Re: malicious paravirtualized guests: security andisolation
>       Hi,
>       I have a question about isolation and security guarantees Xen
> provides, if any, in cases when domU guests are not completely
> that is, can be malicious. Right now I am specifically interested in
> scenario where all guests are paravirtualized, but HVM case is of some
> interest too.
>       Say, I want to let my users run their own guests on a Xen host
> I own. Users will bring their own disk images. I don't completely trust my
> users. Does the use of Xen guarantees that malicious guests will be
> to harm other guests or the entire host in any way (for example, kill
> entire host)? It is interesting to know both what is guaranteed in
> (that is, if Xen and dom0 work as designed) and how things go in
>       If I disallow users to use their kernels, that is, if I run
> with my own kernel(s) only, will that improve the situation? How about
> loadable kernel modules? If I allow Linux guests to load their custom
> kernel modules, will that nullify the effect of using trusted kernels?
>       I currently use Xen 3.1.4, if that matters.

When developing the Windows GPLPV drivers I crashed my Dom0 (and
therefore all DomU's) on a few occasions. That was under 3.0.3, 3.0.4,
and possibly some early 3.1.x versions of Xen. As crashing was the exact
opposite of what I was trying to do, I didn't pursue it, but obviously
it has been possible in the past to cause a crash by doing something
wrong in the PV side of things.

Is there a limit on the amount of data you can write to the xenstore?
Overflowing some limit in xenstore could be one method of causing a

