From: Tony and Robyn Lewis <gnutered@yahoo.com.au>
To: xen-devel@lists.xensource.com
Subject: Xen and updated kernels
Date: Wed, 04 Jan 2006 12:00:26 +1100
Message-ID: <43BB1E2A.1000100@yahoo.com.au>

I am enjoying playing with Xen.  Kudos for this cool technology.  We're 
thinking hard about using Xen in production for our office.

My major concern is security in the kernel.  The pre-built binaries of 
the Xenised kernels are based on 2.6.12, which is old now (last released 
in late August according to kernel.org).

Does this not put the domU guests at risk, if there are kernel exploits 
that apply to 2.6.12?  Granted, the damage is contained, but there's 
still an 0wned (virtual) server that I've now got to deal with.

Between now and when Xen gets into the mainstream kernel, what's a good 
mitigation for this risk?  *Is* it a risk?

I would like to apply the Xen patch to a maintained kernel source, in my 
case the latest Debian 2.6.12 tree (it has later patches backported to 
it).  I've tried applying it and ended up with heaps (50-ish) 
rejections.  From first glance, most of these rejections are because the 
Debian source already contains the patch that Xen tries to apply, and so 
are safe to ignore.  Not all rejections are, though, and unless there's 
a better idea (hence this email), my intent is to then go through these 
by hand and fix things up.

Hopefully it'll be a one-off task.  I can use the new tree and the 
original to generate my own xen-3.0-to-debian-2.6.12-blah.patch.  When a 
new Debian 2.6.12 comes out, this patch should apply fairly cleanly.

Again, is this worth doing?

Tony Lewis
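
The triage step the message describes (separating rejections whose change is already in the maintained tree from those that need a manual merge) can be scripted. The following is an added example, not part of the original message or of Xen; it assumes unified-format `.rej` files, and the function names and sample contents are constructed for illustration.

```python
# Added example: triage hunks of one unified-format .rej file. Samples are constructed.

def split_hunks(rej_text):
    hunks = []
    for line in rej_text.splitlines():
        if line.startswith("@@"):
            hunks.append([])          # new hunk starts at each @@ header
        elif hunks and line[:1] in (" ", "+", "-"):
            hunks[-1].append(line)
    return hunks

def has_block(lines, block):
    # True if block occurs as consecutive lines somewhere in lines
    n = len(block)
    return n > 0 and any(lines[i:i + n] == block for i in range(len(lines) - n + 1))

def classify(hunk, target_text):
    target = [l.rstrip() for l in target_text.splitlines()]
    old = [l[1:].rstrip() for l in hunk if l[0] in " -"]  # pre-image
    new = [l[1:].rstrip() for l in hunk if l[0] in " +"]  # post-image
    if has_block(target, new) and not has_block(target, old):
        return "already-applied"  # change already in tree; drop the hunk
    if has_block(target, old):
        return "context-matches"  # pre-image present; retry the hunk
    return "manual-review"        # tree diverged; merge by hand

def triage(rej_text, target_text):
    return [classify(h, target_text) for h in split_hunks(rej_text)]

# Constructed stand-in for a file in the maintained (backported) tree
TARGET = """\
int check_len(int len)
{
    if (len > MAX_LEN) return -1;
    return 0;
}
void setup(void) { init_timer_v2(); }
"""
# Constructed stand-in for the rejects left behind by the forward-ported patch
REJ = """\
@@ -1,4 +1,5 @@
 int check_len(int len)
 {
+    if (len > MAX_LEN) return -1;
     return 0;
 }
@@ -5 +6 @@
-void setup(void) { init_timer(); }
+void setup(void) { xen_init_timer(); }
"""
print(triage(REJ, TARGET))
```

The verdicts are plain text matches, so an "already-applied" hunk is worth one read-through to confirm the backport in the tree is the same change rather than a similar-looking one.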
