Hi Everyone, Given that a lot of us run "untrusted" DomUs where the Domu administrator has full control over their PV kernel, could this Intel security issue impact the hypervisor and put other DomUs at risk? http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor Thanks
On Sun, Jun 24, 2012 at 8:42 PM, Jonathan Tripathy <jonnyt@abpni.co.uk> wrote:> Hi Everyone, > > Given that a lot of us run "untrusted" DomUs where the Domu administrator > has full control over their PV kernel, could this Intel security issue > impact the hypervisor and put other DomUs at risk? > > http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor >That page links to http://www.kb.cert.org/vuls/id/649219 which links to http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html which answers your question ;-) Yes, it''s an issue. There are patches.
On 24/06/2012 20:01, Rolu wrote:> On Sun, Jun 24, 2012 at 8:42 PM, Jonathan Tripathy<jonnyt@abpni.co.uk> wrote: >> Hi Everyone, >> >> Given that a lot of us run "untrusted" DomUs where the Domu administrator >> has full control over their PV kernel, could this Intel security issue >> impact the hypervisor and put other DomUs at risk? >> >> http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor >> > That page links to http://www.kb.cert.org/vuls/id/649219 which links > to http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html > which answers your question ;-) > > Yes, it''s an issue. There are patches.Silly me! I''ve been following the inclusion of that Xen patch as well! I just didn''t put 2+2 together. Thanks for your time!
On Sun, Jun 24, 2012 at 8:06 PM, Jonathan Tripathy <jonnyt@abpni.co.uk> wrote:> > On 24/06/2012 20:01, Rolu wrote: >> >> On Sun, Jun 24, 2012 at 8:42 PM, Jonathan Tripathy<jonnyt@abpni.co.uk> >> wrote: >>> >>> Hi Everyone, >>> >>> Given that a lot of us run "untrusted" DomUs where the Domu administrator >>> has full control over their PV kernel, could this Intel security issue >>> impact the hypervisor and put other DomUs at risk? >>> >>> >>> http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor >>> >> That page links to http://www.kb.cert.org/vuls/id/649219 which links >> to http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html >> which answers your question ;-) >> >> Yes, it''s an issue. There are patches. > > Silly me! I''ve been following the inclusion of that Xen patch as well! I > just didn''t put 2+2 together. > > Thanks for your time!Thank you for checking though -- if someone had done the same with the Linux vulnerability in 2006, Xen would have had it fixed a long time ago... -George