From: Luke Kenneth Casson Leighton
Subject: Re: protecting xen startup
Date: Wed, 24 Nov 2004 00:21:37 +0000
Message-ID: <20041124002137.GJ5146@lkcl.net>
References: <20041123205152.GA5146@lkcl.net> <20041123215231.GE5146@lkcl.net> <41A3B319.6090401@fzu.cz>
In-Reply-To: <41A3B319.6090401@fzu.cz>
To: Jan Kundrát
Cc: Ian Pratt, Mark Williamson, xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org

On Tue, Nov 23, 2004 at 11:00:57PM +0100, Jan Kundrát wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> > perhaps i should explain: i am looking to use xen to implement
> > a new level of paranoid security.
> >
> > i aim to run single applications, such as firefox and
> > openoffice, in their own dedicated virtual machines, a
> > localised file server in one (or more if i can get GFS or OCFS2
> > to work) virtual machine(s), and for the applications to each
> > connect to the xen master running an x-server [nomachine isn't
> > quite suitable, i may have to write my own ssh-based x-proxy].
>
> Do you mean running xserver in domain0?

um, yes.

> You should better setup separate
> domain for it.

really? is that possible? can i run an xserver in a separate
guest OS and still allow the guest OS direct access to the screen?

how is that done - via a framebuffer driver?

tellmetellme!!!!

> But are you sure that such a setup will be usable and fast enough?

i gonna find out :)

> > allowing a compromised guest OS to fire up another virtual
> > machine, connect to the x-server and spoof "please enter your
> > password" dialog boxes is therefore to be avoided!!!
>
> If I'm not mistaken, you can start up new VMs only from domain0 or
> through HTTP interface, So you can easily firewall all traffic inside
> domain0 to local port 8000 (except for 127.0.0.1/32).

yeh, *grumble*, and you can also, in selinux, ban applications from
accessing a port.

> j.

--
http://lkcl.net
--
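The advice in the thread is to make sure the xend HTTP control interface on port 8000 is reachable from 127.0.0.1 only, so that a compromised guest cannot talk to it and start domains. The script below is an added example, not code from this thread or from Xen: it audits /proc/net/tcp for listeners on that port that are bound to a wildcard or non-loopback address, and emits the iptables rules that restrict the port to the loopback interface. It assumes xend listens on TCP 8000 (the Xen 2.0 default) and a little-endian host, where /proc/net/tcp prints IPv4 addresses with their bytes reversed; the sample /proc/net/tcp rows are constructed for the example.

```python
"""Audit the xend control port (TCP 8000) for non-loopback exposure.

Added example, not code from the xen-devel thread or from Xen itself.
Assumptions: xend listens on TCP 8000 (Xen 2.0 default) and the host is
little-endian, so /proc/net/tcp stores the IPv4 address as a reversed
32-bit hex word (the usual x86 layout).
"""
import socket
import struct

XEND_PORT = 8000
LISTEN_STATE = "0A"  # TCP_LISTEN in the hex 'st' column of /proc/net/tcp

# Constructed sample of /proc/net/tcp (not captured from a real host):
# row 0: sshd on 0.0.0.0:22, row 1: xend on 127.0.0.1:8000 (good),
# row 2: xend on 0.0.0.0:8000 (exposed), row 3: an established
# connection to 8000, which is not a listener and must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 00000000 100 0 0 10 0
   1: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 00000000 100 0 0 10 0
   2: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 00000000 100 0 0 10 0
   3: 0100007F:1F40 0100007F:B2C4 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 00000000 100 0 0 10 0
"""


def decode_endpoint(field):
    """Turn a /proc/net/tcp field such as '0100007F:1F40' into ('127.0.0.1', 8000).

    The address is a native-endian 32-bit integer printed in hex; on a
    little-endian host the dotted-quad bytes therefore appear reversed,
    which struct.pack('<I') followed by inet_ntoa undoes.  The port is
    plain big-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def listening_sockets(proc_net_tcp_text):
    """Return [(address, port), ...] for every socket in LISTEN state."""
    result = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN_STATE:
            continue
        result.append(decode_endpoint(cols[1]))
    return result


def exposed_listeners(proc_net_tcp_text, port=XEND_PORT):
    """Addresses on which `port` accepts connections from outside the host:
    a wildcard bind (0.0.0.0) or any address outside 127.0.0.0/8."""
    return [addr for addr, p in listening_sockets(proc_net_tcp_text)
            if p == port and not addr.startswith("127.")]


def loopback_only_rules(port=XEND_PORT):
    """iptables rule arguments restricting `port` to the loopback interface.

    Matching on the interface (-i lo) rather than only on the source
    address is the safer form: a packet claiming a 127.0.0.1 source that
    arrives on a bridge or guest-facing interface is forged, and matching
    the interface does not depend on the kernel's martian filtering.
    """
    return [
        f"-A INPUT -p tcp --dport {port} -i lo -s 127.0.0.1/32 -j ACCEPT",
        f"-A INPUT -p tcp --dport {port} -j REJECT --reject-with tcp-reset",
    ]


if __name__ == "__main__":
    # Audit the running host when possible, otherwise the constructed sample.
    try:
        with open("/proc/net/tcp") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP
    exposed = exposed_listeners(text)
    if exposed:
        print(f"port {XEND_PORT} is reachable from outside on: {exposed}")
        print("suggested iptables rules:")
        for rule in loopback_only_rules():
            print("  iptables " + rule)
    else:
        print(f"port {XEND_PORT} is loopback-only (or not listening)")
```

Run it in domain0 as root so /proc/net/tcp is readable; the rules it prints are the filter-table form of the "firewall everything except 127.0.0.1/32" suggestion and go in whatever rule loader domain0 already uses. A further layer, as the reply notes, is an SELinux policy that denies every domain other than the management tool a connect to that port, so that even a local process cannot reach xend.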