WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Best way to use Xen to segment & protect

from [Nick Anderson] [Permanent Link][Original]
To: Rick Flower <rickf@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] Best way to use Xen to segment & protect
From: Nick Anderson <nick@xxxxxxxxxxxx>
Date: Tue, 17 Feb 2009 15:41:12 -0600
Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 17 Feb 2009 13:42:24 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <25D58C48-CD53-4731-B75A-736D4B0E4D40@xxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <481F5E65-E562-413F-8D2C-5B1F698D6E66@xxxxxxxxxxxxx> <20090217205551.GI18265@tp> <25D58C48-CD53-4731-B75A-736D4B0E4D40@xxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17) 
On Tue, Feb 17, 2009 at 01:29:29PM -0800, Rick Flower wrote:
> Thanks for the info Nick... Regarding the root escalation mentioned  
> above -- have there been issues with this in the past?
Yes I believe so
http://secunia.com/advisories/26986/
> Also, I guess it would help to have the domU that Apache is using to  
> have tools such as Tripwire and other related tools to keep thing from  
> getting too far...
Inside a domU you would want any protections you would have on any
other server.
> If you're in a domU, can you tell that it's a virtual server?  If not  
> then perhap it's less likely to break out and escalate to dom0...?
Yes if its a paravirtualized machine.
> Is it possible to have a domU mount a different filesystem than dom0?
> Sorry for the numerous questions...
Not quite sure what you mean here.


-- 
Nick Anderson <nick@xxxxxxxxxxxx>
http://www.cmdln.org

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Best way to use Xen to segment & protect, Rick Flower
Next by Date:  RE: [Xen-users] how much memory does the hypervisor need, Gary W. Smith
Previous by Thread:  Re: [Xen-users] Best way to use Xen to segment & protect, Rick Flower
Next by Thread:  Re: [Xen-users] Best way to use Xen to segment & protect, weiming
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy