[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3 of 7] xen: allows more hypercalls from stubdoms

On 12/10/2009 19:19, "Samuel Thibault" <samuel.thibault@xxxxxxxxxxxx> wrote:

>> BTW: it cannot be worse than opening /dev/mem O_RDWR in qemu-xen, that
>> is exactly what happens at the moment.
> Sure, but the difference is that qemu-xen is known to be run as root
> in dom0, while allowing things from the hypervisor potentially hides
> security leaks in its source code.

Also, one of the advantages of stubdom is supposed to be that it contains
qemu's large attack surface within a deprivileged environment.

The hard thing about passthru in a stubdom is that every relevant hypercall
really needs to be audited and potentially redesigned so that it all works
but according to principle of least privilege.

The alternative is rather undesirable, but perhaps acceptable if we make
that choice with our eyes open to it.

 -- Keir

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.