Is it possible to get dom0 access from domU? And if I have dom0 access, what are the threats to domU? Is it possible to simulate an attack on dom0 or domU? I need urgent help, as I am working on it as my academic work.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

If you want moderately secure access to Dom0, put it on the intranet (network) with a static IP and set up SSH. With SSH and pam.d configured it can be as secure as you need it.

With SSH you gain console access (all you really need for Xen controls), file transfer access via SFTP, and with console you can even temporarily enable services for, say, a video connection to Dom0 (if you intend to use GUI applications).

I know that there are security risks with shared devices from Dom0 to DomU, including PCI Passthrough, but I can't really help you on the details with that end of things.

I'm sure other users can contribute more on the security aspects, I am more for functionality.

~Casey

On Sat, May 12, 2012 at 4:26 PM, Omkar Kulkarni <om.kulkarni41@gmail.com> wrote:
> Is it possible to get dom0 access from domU? And if I have dom0 access,
> what are the threats to domU? Is it possible to simulate an attack on dom0
> or domU? I need urgent help, as I am working on it as my academic work.

If you control the dom0, you have full access to the domU; the dom0, as it controls the native hardware, could read or alter the memory and storage of the domU with impunity.

As for gaining dom0 access from a domU, it depends on how the machine is configured. However, assuming you're referring to attacks that are specific to attacking a dom0 from a domU, there are no (to my knowledge) known current exploits, but as a rule, these are based on exploiting virtualized devices (e.g., exploiting QEMU rather than Xen itself).

On Sat, May 12, 2012 at 4:26 PM, Omkar Kulkarni <om.kulkarni41@gmail.com> wrote:
> Is it possible to get dom0 access from domU? And if I have dom0 access,
> what are the threats to domU? Is it possible to simulate an attack on dom0
> or domU? I need urgent help, as I am working on it as my academic work.

That reminds me of a summary of what the recent ESX source code leak implied. Something about getting the hypervisor to call VMEXIT with a buffer overrun to export a malicious payload up to ring -1; really whacky stuff (from my point of view :D).

There was a /great/ thread on the list last month, discussing potential security implications of pygrub, you can browse through it here: http://lists.xen.org/archives/html/xen-users/2012-04/msg00460.html

That said, giving access to Dom0 from a DomU gives you control over the Dom0, and in essence the whole system. Don't let DomU access Dom0 unless you trust the DomU with control over the whole machine, and all the VMs running within it!

Cheers,
Andrew Bobulsky

On Sat, May 12, 2012 at 4:41 PM, John Sherwood <jrs@vt.edu> wrote:
> If you control the dom0, you have full access to the domU; the dom0, as it
> controls the native hardware, could read or alter the memory and storage
> of the domU with impunity.
>
> As for gaining dom0 access from a domU, it depends on how the machine is
> configured. However, assuming you're referring to attacks that are specific to
> attacking a dom0 from a domU, there are no (to my knowledge) known current
> exploits, but as a rule, these are based on exploiting virtualized devices
> (e.g., exploiting QEMU rather than Xen itself).

You've not really given us much to go on but the question is why do they need it?

If they need it to manage the server then giving them access to dom0 from a domu makes no difference than giving access to the world by giving them the root password. Dom0 should be treated like a domu, it is in itself a VM only it has more functionality and can obviously destroy the server in the wrong hands. This is of course assuming you have no lock down on dom0 with iptables etc.

In answer to the question about threat to domu, probably not much if it is just SSH access.

I think you need to give more info on how your current system is configured and what the reasons are for the requirement you have specified.

Personally I wouldn't want anyone having access to dom0 unless it was for management purposes and then they would be accountable for anything going wrong.

Ian

From: xen-users-bounces@lists.xen.org [mailto:xen-users-bounces@lists.xen.org] On Behalf Of Omkar Kulkarni
Sent: 12 May 2012 21:26
To: xen-users@lists.xen.org
Subject: [Xen-users] Need help

Is it possible to get dom0 access from domU? And if I have dom0 access, what are the threats to domU? Is it possible to simulate an attack on dom0 or domU? I need urgent help, as I am working on it as my academic work.

I am a student of engineering from India. I am working on my single laptop only. As a part of my academic study I am working on xen security issues. In this study, I need to simulate a simple or any attack to dom0 or domU like hijacking, or denial of service attack etc. I want to ask, how can I exploit domU or dom0 from domU. Is there any procedure/steps/material to do that? I need urgent help.

On Sun, May 13, 2012 at 2:58 AM, Ian Tobin <itobin@tidyhosts.com> wrote:
> You've not really given us much to go on but the question is why do they
> need it?
>
> If they need it to manage the server then giving them access to dom0 from
> a domu makes no difference than giving access to the world by giving them
> the root password. Dom0 should be treated like a domu, it is in itself a VM
> only it has more functionality and can obviously destroy the server in the
> wrong hands. This is of course assuming you have no lock down on dom0 with
> iptables etc.
>
> In answer to the question about threat to domu, probably not much if it is
> just SSH access.
>
> I think you need to give more info on how your current system is
> configured and what the reasons are for the requirement you have specified.
>
> Personally I wouldn't want anyone having access to dom0 unless it was for
> management purposes and then they would be accountable for anything going
> wrong.
>
> Ian

--
Regards:
Omkar Kulkarni
Ph:09420816727

There is no off the shelf exploit for doing that. It is possible that some unknown vulnerability exists and maybe you could find it if you work hard enough on it, but there is no known exploit like this at this time. You should probably pick a different (easier) project for your academic study if you have some urgent time constraints (such as a due date for your project).

-----Original Message-----
From: xen-users-bounces@lists.xen.org [mailto:xen-users-bounces@lists.xen.org] On Behalf Of Omkar Kulkarni
Sent: Saturday, May 12, 2012 4:42 PM
To: Ian Tobin
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] Need help

I am a student of engineering from India. I am working on my single laptop only. As a part of my academic study I am working on xen security issues. In this study, I need to simulate a simple or any attack to dom0 or domU like hijacking, or denial of service attack etc. I want to ask, how can I exploit domU or dom0 from domU. Is there any procedure/steps/material to do that? I need urgent help.

Omkar Kulkarni wrote:
> I am a student of engineering from India. I am working on my single
> laptop only. As a part of my academic study I am working on xen
> security issues. In this study, I need to simulate a simple or any
> attack to dom0 or domU like hijacking, or denial of service attack
> etc. I want to ask, how can I exploit domU or dom0 from domU. Is
> there any procedure/steps/material to do that? I need urgent help.

Firstly, have a read of this (read the whole document, not just the bit this link takes you to): http://www.catb.org/~esr/faqs/smart-questions.html#urgent

Lack of planning on your part does not constitute an emergency on ours. In other words, saying "I need urgent help" does not get you special treatment - you should have asked the questions earlier when it wasn't urgent.

In theory, since the hypervisor runs code from DomU, then it is possible that if a flaw (bug) exists in the hypervisor then it could be used by malicious code to cause either a crash (denial of service) or code execution. As already mentioned, there are no known exploits - if there were then they would have been fixed.

A second attack vector might be via the boot process. If Dom0 is using PyGrub to load and execute a kernel & initrd from the DomU filesystem in order to start a DomU, then there is a theoretical risk that a carefully crafted DomU filesystem could exploit a flaw in the filesystem access libraries used by PyGrub. Again, none are known about.

Then there are things like USB/PCI/VGA passthrough where control over system resources is passed over to a guest. This implies an elevated level of access to the hardware - and hence a risk of exploiting a flaw (which may in fact be a hardware flaw).

Lastly, I believe there are commands to send messages to the guest - eg a script in Dom0 can signal the guest to sync its buffers out to disk. Again, there is the potential for flaws in that to allow a carefully crafted response to cause a crash or arbitrary code execution. But since the response is (I'm guessing) no more than a small integer, I doubt that there is much scope there.

--
Simon Hobson

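A defensive check for the settings named in the message above, as an added example that is not part of the original thread: it reads guest configuration text in the xl.cfg `key = value` style and reports which dom0-facing surfaces each guest enables (PyGrub boot, PCI/VGA passthrough, QEMU device emulation in dom0). The sample configs, file names and finding strings are constructed, and the parser assumes one setting per line.

```python
import ast

# Constructed sample guest configs (not from the thread), one setting per line.
SAMPLE_CONFIGS = {
    "web01.cfg": 'bootloader = "pygrub"\ndisk = ["phy:/dev/vg0/web01,xvda,w"]\n',
    "gpu01.cfg": 'builder = "hvm"\npci = ["01:00.0"]\ngfx_passthru = 1\n',
    "db01.cfg": 'kernel = "/boot/guests/vmlinuz-db01"\nmemory = 1024\n',
}

def parse_cfg(text):
    """Parse simple `key = value` lines whose values are strings, numbers or lists."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        try:
            cfg[key.strip()] = ast.literal_eval(value.strip())
        except (ValueError, SyntaxError):
            cfg[key.strip()] = value.strip()  # keep unparsed values as text
    return cfg

def audit(cfg):
    """Return the dom0-facing surfaces this guest config enables."""
    findings = []
    if "pygrub" in str(cfg.get("bootloader", "")):
        findings.append("pygrub: dom0 parses the guest-controlled filesystem at boot")
    if cfg.get("pci"):
        findings.append("pci: guest has direct access to a physical device")
    if cfg.get("gfx_passthru"):
        findings.append("gfx_passthru: graphics adapter handed to the guest")
    hvm = cfg.get("builder") == "hvm" or cfg.get("type") == "hvm"
    # An HVM guest's device model runs in dom0 unless moved to a stub domain.
    if hvm and not cfg.get("device_model_stubdomain_override"):
        findings.append("hvm: QEMU device emulation for this guest runs in dom0")
    return findings

def audit_all(configs):
    """Audit every config text, keyed by its file name."""
    return {name: audit(parse_cfg(text)) for name, text in configs.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CONFIGS).items():
        print(name, findings or ["no flagged settings"])
```
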
On Sat, 2012-05-12 at 21:26 +0100, Omkar Kulkarni wrote:
> Is it possible to get dom0 access from domU? And if I have dom0
> access, what are the threats to domU? Is it possible to simulate an
> attack on dom0 or domU? I need urgent help, as I am working on it as
> my academic work.

I suggest you ask your academic advisor for assistance, it is not appropriate to ask people on this list to do your homework for you.

If you have specific technical questions, rather than broad open ended requests, then I'm sure people will be happy to help answer them but you need to do some initial legwork yourself.

This is xen-users not xen-devel but I still recommend you read http://wiki.xen.org/wiki/Asking_Xen_Devel_Questions before posting again.

Ian.

On Sun, 2012-05-13 at 18:37 +0100, Simon Hobson wrote:
> In theory, since the hypervisor runs code from DomU, then it is
> possible that if a flaw (bug) exists in the hypervisor then it could
> be used by malicious code to cause either a crash (denial of service)
> or code execution. As already mentioned, there are no known exploits
> - if there were then they would have been fixed.

And if not then we would really appreciate notification to security@xen.org rather than discussion on xen-users, at least to start with ;-)

Ian.