Hi List,

as I'm a real beginner I would be pleased if someone can answer a maybe simple question.

I'm looking for a virtual server system to be used by different entities. As I heard from other solutions, there are often (at least small) security problems.

Now I would like to know if it's (at least theoretically possible) that one user from domU_a can access domU_b or even dom0.

Btw, what makes the difference between dom0 and domU?

Any hint would be appreciated..

btw (I already read tfm :-))

cheers

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Mark Williamson
2005-Jul-11 12:29 UTC
Re: [Xen-users] beginners question concerning security

> as I'm a real beginner I would be pleased if someone can answer a maybe
> simple question.

No probs, welcome to the community!

> I'm looking for a virtual server system to be used by different entities. As
> I heard from other solutions, there are often (at least small) security
> problems.
>
> Now I would like to know if it's (at least theoretically possible) that one
> user from domU_a can access domU_b or even dom0.

Nothing we know of. If there was, it'd be a bug and we'd be all over it, getting it fixed :-) In non-trivial software it's always possible such a bug exists, but we're aiming to get high assurance from the fact that Xen itself is relatively small and well-reviewed.

> Btw, what makes the difference between dom0 and domU?

Dom0 is privileged to access the real machine hardware and map other domains' memory. DomUs are only privileged to access their own resources - if they want to do IO, they have to ask dom0.

This separation is enforced by Xen, so you can run whatever you want in a domU without compromising this privilege difference. It is safe to allow users to compile their own kernel, for instance.

Btw, we supply a "xen0" kernel and a "xenU" kernel for XenLinux. The difference is that the xen0 kernel may run in *any* domain; the xenU kernel is smaller but can only run in a domU because it doesn't have the drivers for the "real" hardware.

> Any hint would be appreciated..
>
> btw (I already read tfm :-))

Thanks, it's appreciated :-)

Cheers,
Mark