From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony Liguori Subject: Re: Regarding Xen security.... Date: Mon, 15 Jan 2007 14:17:03 -0600 Message-ID: <45ABE13F.7070806@linux.vnet.ibm.com> References: <0A8CFEC45B7F4C419F7543867C47442366E4F3@mailserver.nechclst.in> <280848580701150418q46ad0dedtcd250f5f4632914c@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <280848580701150418q46ad0dedtcd250f5f4632914c@mail.gmail.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: David Pilger Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org David Pilger wrote: > Search for "HVM rootkits", The vast majority of this is, as Keith Adams put its, "quasi-illiterate gibberish." http://x86vmm.blogspot.com/2006/08/blue-pill-is-quasi-illiterate.html Having VT/SVM doesn't really change anything wrt rootkits. Most of what is floating around is FUD. There's nothing you can do today that you couldn't do before VT/SVM. Regards, Anthony Liguori if your system runs without a hypervisor > and VMX/SVM is enabled in the BIOS then an attacker can gain control > over that layer. But he'll first need to gain control over the > operating system (not so difficult) in order to execute a program with > high privileges. In "VMX root operation" you have total control over > the system (parallel to ring0, one year ago). > > VT-x is intended to provide another ring of security (priviliges), > which lets hypervisors manage unmodified operating systems. > > Right now, if you are not running a hypervisor than it's not secure to > enable VT-x in the BIOS, if you do use some kind of hypervisor, then > the threat is that an attacker will find a security hole in it and > take control over that layer. Right now, there aren't any known > vulnerabilities in software the manage VMX. But I guess that the focus > of malicious people is not exactly at hypervisors. When LaGrande (for > instance) will be a part of any computer, then it will be "benefitial" > to search for vulnerabilities in this layer. > > In summary, there is a risk when no hypervisor occupies the VMX layer > and it is enabled in the BIOS. The only use of this layer by a > malicious program is for properly hiding itself from removal tools. > > Any way, here are some insights: > * If operating systems were secure enough and properly programmed then > VMX was not needed in this regard (to provide security). > * The implementation of VMX is here to take the control of the machine > from a certain operating system, treating an OS just like a "process". > * Its useful for servers that runs virtual machines, this is trivial > use of a hypervisors. > > David. > > > On 1/12/07, Praveen Kushwaha wrote: >> >> >> >> Hi Sir, >> >> I have a question regarding the security of Xen. What are >> the >> security threats in with Intel VT-x. >> >> >> >> >> >> Thanks, >> >> Praveen Kushwaha >> >> >> >> _____________________________________________________________________________________________ >> >> >> NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno Park, >> Noida | Tel: 120 436 6777 Extn 748 >> >> >> >> >> >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel >> >> >>