WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Best way to use Xen to segment & protect

On Tue, Feb 17, 2009 at 01:29:29PM -0800, Rick Flower wrote:
> Thanks for the info Nick... Regarding the root escalation mentioned  
> above -- have there been issues with this in the past?
Yes I believe so
http://secunia.com/advisories/26986/
> Also, I guess it would help to have the domU that Apache is using to  
> have tools such as Tripwire and other related tools to keep thing from  
> getting too far...
Inside a domU you would want any protections you would have on any
other server.
> If you're in a domU, can you tell that it's a virtual server?  If not  
> then perhap it's less likely to break out and escalate to dom0...?
Yes if its a paravirtualized machine.
> Is it possible to have a domU mount a different filesystem than dom0?
> Sorry for the numerous questions...
Not quite sure what you mean here.


-- 
Nick Anderson <nick@xxxxxxxxxxxx>
http://www.cmdln.org

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users