From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jonathan Tripathy <jonnyt@abpni.co.uk>
Subject: Security Implications of letting customers use their
	own kernel
Date: Wed, 15 Dec 2010 12:26:28 +0000
Message-ID: <4D08B3F4.7020008@abpni.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hi Everyone,

What are the security implications of letting customers install their 
own kernel?

In my own research, I have only seen things that would compromise their 
own DomU. My main area on concern is to protect all the other DomUs.

An area of potential concern is if someone were to build a kernel that 
enabled "No Execute" or "Disable Execution", could that compromise other 
DomUs? Or would that just leave their DomU vulnerable to running 
malicious code?

Anyone aware of anything else?

Thanks