I am beginning to write some open source programming contest software (http://threec.berlios.de). I am wondering if Xen would be a suitable jail for arbitrary and anonymous code submitted for the judging software. I'd like to ensure that code can run for only a limited time, use a limited amount of memory, and not have access to resources including the network and most of the judger's filesystem.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Mark Williamson
2005-Oct-23 11:37 UTC
Re: [Xen-users] Using Xen as a jail for malicious code
> I am beginning to write some open source programming contest software
> (http://threec.berlios.de). I am wondering if Xen would be a suitable
> jail for arbitrary and anonymous code submitted for the judging
> software.

That's what it was originally created for: containment of arbitrary untrusted code submitted to a Xenoserver (Xenoservers project described: http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).

> I'd like to ensure that code can run for only a limited
> time, use a limited amount of memory, and not have access to resources
> including the network and most of the judger's filesystem.

Yep, that's all doable. You should obviously take precautions just in case somebody's code actively attempts to "break out" of its domain but even that *shouldn't* be possible (we don't know of any way to do this, so if it was possible it'd be a high-priority bugfix...).

Cheers,
Mark

Florian Weimer
2005-Oct-25 19:46 UTC
Re: [Xen-users] Using Xen as a jail for malicious code
* Mark Williamson:

>> I am beginning to write some open source programming contest software
>> (http://threec.berlios.de). I am wondering if Xen would be a suitable
>> jail for arbitrary and anonymous code submitted for the judging
>> software.
>
> That's what it was originally created for: containment of arbitrary untrusted
> code submitted to a Xenoserver (Xenoservers project described:
> http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).

What about the rogue DMA problem mentioned in some of the papers? Has this been addressed?

Mark Williamson
2005-Oct-25 19:49 UTC
Re: [Xen-users] Using Xen as a jail for malicious code
> > That's what it was originally created for: containment of arbitrary
> > untrusted code submitted to a Xenoserver (Xenoservers project described:
> > http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).
>
> What about the rogue DMA problem mentioned in some of the papers?
> Has this been addressed?

Rogue DMAs were only a problem if domains have access to real devices - for unprivileged domains (the norm) which just have virtual devices it's never been an issue.

Conversely, domains which do have real device access must always be considered privileged, due to limitations of current hardware. Usually that's just dom0, though, unless you've got a really advanced setup.

Cheers,
Mark

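Added example, not part of the original thread and not Xen's own tooling: a check that a guest's domain config matches the jail properties discussed above (capped memory, no network interface, read-only disks, no real devices). It relies on xm domain config files using Python syntax and reads them with `ast` instead of executing them; the sample config, the function names and the 128 MB cap are assumptions, and the run-time limit is not expressible in the config, so it is not checked here.

```python
import ast

# Constructed sample domU config, not taken from the thread.
SAMPLE_CFG = """
name = "judge-jail"
memory = 64
disk = ['file:/srv/jail/root.img,sda1,r', 'phy:/dev/vg0/scratch,sda2,w']
vif = ['bridge=xenbr0']
pci = ['00:1d.0']
"""

UNAUDITABLE = object()  # marks a value that is computed rather than literal


def load_settings(text):
    """Collect top-level assignments with ast; the file is never executed."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                value = ast.literal_eval(node.value)
            except ValueError:
                value = UNAUDITABLE
            settings[node.targets[0].id] = value
    return settings


def audit_jail_config(text, max_memory_mb=128):
    """Return findings; max_memory_mb is an assumed local policy value."""
    cfg = load_settings(text)
    findings = []
    for key in ("memory", "vif", "pci", "disk"):
        if cfg.get(key) is UNAUDITABLE:
            findings.append("%s: computed value, review by hand" % key)
            cfg[key] = None
    mem = cfg.get("memory", 0)
    if mem is not None and (not isinstance(mem, int) or not 0 < mem <= max_memory_mb):
        findings.append("memory: missing or above the %d MB cap" % max_memory_mb)
    if cfg.get("vif"):
        findings.append("vif: domain has a network interface")
    if cfg.get("pci"):
        findings.append("pci: real device access, treat the domain as privileged")
    for spec in cfg.get("disk") or []:
        fields = str(spec).split(",")
        if len(fields) < 3 or fields[2].strip() != "r":
            findings.append("disk: %s is not read-only" % fields[0])
    return findings


if __name__ == "__main__":
    print("\n".join(audit_jail_config(SAMPLE_CFG)))
```
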
Florian Weimer
2005-Dec-06 10:16 UTC
Re: [Xen-users] Using Xen as a jail for malicious code
* Mark Williamson:

> Conversely, domains which do have real device access must always be
> considered privileged, due to limitations of current hardware.
> Usually that's just dom0, though, unless you've got a really
> advanced setup.

Does this mean that unprivileged domains are exposed mainly through their networking stacks?