Hi,

I would like to understand the security implications between Dom0 and DomU.

Dom0 = openSUSE 10.2
DomU = openSUSE 10.2 (paravirtualization)
DomU = openSUSE 10.2 (full virtualization)
DomU = WindowsXP (full virtualization)

If I must give out the DomU root (administrator) passwords, how secure is the Dom0? Is there a difference in the security between Full and Para virtualization? Can wrapping this in something like AppArmor resolve some of the security issues (if there are any)?

Thanks
Thomas

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

The DomU is an independent environment and cannot access other DomU's or the Dom0 regardless of the privileges.

Marco Jorge

--- Thomas King <tking@ca.ibm.com> wrote:
> Hi,
>
> I would like to understand the security implications between Dom0 and
> DomU.
>
> Dom0 = openSUSE 10.2
> DomU = openSUSE 10.2 (paravirtualization)
> DomU = openSUSE 10.2 (full virtualization)
> DomU = WindowsXP (full virtualization)
>
> If I must give out the DomU root (administrator) passwords, how secure is
> the Dom0? Is there a difference in the security between Full and Para
> virtualization? Can wrapping this in something like AppArmor resolve some
> of the security issues (if there are any)?
>
> Thanks
> Thomas

> > The DomU is an independent environment and cannot access other DomU's
> > or the Dom0 regardless of the privileges.

It's an interesting question though... what would be the implications if a buffer overflow was found either in the hypervisor or in a Dom0 backend device driver. Maybe a deliberately malformed disk or network request could overflow something in Dom0 and give you root access there?

Can anyone in the know comment on this?

Thanks
James