WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Should applications be running on Dom0

To: Nathan Eisenberg <nathan@xxxxxxxxxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Should applications be running on Dom0
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Tue, 17 Aug 2010 20:55:28 +0100
Cc:
Delivery-date: Tue, 17 Aug 2010 12:56:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <8C26A4FDAE599041A13EB499117D3C28164832D6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <AANLkTik_z=795d6SMJMLvvEwO-xcBXZoFCVdXr9bo1hy@xxxxxxxxxxxxxx> <46C13AA90DB8844DAB79680243857F0F0AFE3E@xxxxxxxxxxxxxxxxxxx> <8C26A4FDAE599041A13EB499117D3C28164832D6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6
Hi Nathan,

Well, the bottom line is that if there is nothing running then there is nothing to hack.

Xen is a very secure hypervisor. Infact, there are no known open exploits. So, "breaking out" of a guest is extremely unlikely. It's all about reducing your chances and determining what risks are acceptable to you. The only way to be 100% safe and secure is to not own any servers at all - but then many of us would be out of jobs!

So, to answer your question, there isn't a specific example I can give - it's all about reducing risk.

On 17/08/10 20:47, Nathan Eisenberg wrote:

I hear this often, but I have yet to hear a satisfactory and technical explanation as to why.  I’m not sure I agree that it is true.

 

Why is this the case?

 

-Nathan

 

From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jonathan Tripathy
Sent: Tuesday, August 17, 2010 12:35 PM
To: Brent Bolin; Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Should applications be running on Dom0

 

Depends on what your Xen setup is being used for.

 

If it's strictly lab/testing/internal things, then it really doesn't matter

 

If you're hosting stuff to the outside world, then the only thing that should be running on the Dom0 (apart from the Xen Guests), is iptables to firewall the guests.

 


From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Brent Bolin
Sent: Tue 17/08/2010 20:27
To: Xen-users
Subject: [Xen-users] Should applications be running on Dom0

Or should Dom0 be lightweight with guest o/s's be doing that?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users