From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jean-Eric Cuendet
Subject: Re: Diff between std, xen0 and xenU kernel
Date: Wed, 09 Feb 2005 09:42:55 +0100
Message-ID: <4209CD0F.1080006@rptec.ch>
References: <42091058.2020503@rptec.ch> <42092515.9070108@us.ibm.com> <200502082123.21117.maw48@cl.cam.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <200502082123.21117.maw48@cl.cam.ac.uk>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
To: Mark Williamson
Cc: xen-devel@lists.sourceforge.net, Anthony Liguori
List-Id: xen-devel@lists.xenproject.org

>>>And if I run programs in the xen0 instance, will it degrade perf of
>>>xenU instances? Or render them less secure (in terms of isolation)?
>
>
> It won't matter to performance any more than running applications in the
> unprivileged instances would.
>
> Regarding security you need to keep in mind that an attacker who gains root
> privileges in domain 0 will be able to get root privileges in every domain on
> the machine. Thus if you're running an internet-facing machine you should
> make sure that domain 0 exposes as few services to the internet as possible.

That means that I should make the domain-0 as small as possible and run only,
say, ssh to administer it, but nothing else.
And create other domains (which are secure and unprivileged) for real services.

Thanks for all the information.
-jec