
beginners question concerning security
Hi List,

as I'm a real beginner I would be pleased if someone can answer a maybe simple question.

I'm looking for a virtual server system to be used by different entities. As I heard from other solutions there are often (at least small) security problems.

Now I would like to know if it's (at least theoretically possible) that one user from domU_a can access domU_b or even dom0.

Btw, what makes the difference between dom0 and domU?

Any hint would be appreciated..

btw (I already read tfm :-))

cheers

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Re: beginners question concerning security
> as I'm a real beginner I would be pleased if someone can answer a maybe
> simple question.

No probs, welcome to the community!

> I'm looking for a virtual server system to be used by different entities. As
> I heard from other solutions there are often (at least small) security
> problems.
>
> Now I would like to know if it's (at least theoretically possible) that one
> user from domU_a can access domU_b or even dom0.

Nothing we know of. If there was, it'd be a bug and we'd be all over it,
getting it fixed :-) In non-trivial software it's always possible such a bug
exists but we're aiming to get high-assurance from the fact that Xen itself
is relatively small and well-reviewed.

> Btw, what makes the difference between dom0 and domU?

Dom0 is privileged to access the real machine hardware and map other domains'
memory. DomUs are only privileged to access their own resources - if they
want to do IO, they have to ask dom0. This separation is enforced by Xen, so
you can run whatever you want in a domU without compromising this privilege
difference. It is safe to allow users to compile their own kernel, for
instance.

Btw, we supply a "xen0" kernel and a "xenU" kernel for XenLinux. The
difference is that the xen0 kernel may run in *any* domain, the xenU kernel
is smaller but can only run in a domU because it doesn't have the drivers for
the "real" hardware.

> Any hint would be appreciated..
>
> btw (I already read tfm :-))

Thanks, it's appreciated :-)

Cheers,
Mark
