0wning Xen … In More Detail

Over at her own blog, Joanna Rutkowska from Invisible Things has some updates on their findings about Xen security as we earlier reported.

Joanna argues that most of the attacks presented indeed require that the attacker first gains access to the Dom0 before he can launch the attacks but that doesn’t take away the severeness of the issues.

Other rootkits also require for the attacker to first gain root access before he can hide his toolset from the eyes of the administrator.

She continues to argue that other attacks already provide people with potential access from DomU to Dom0 via a virtual machine escape bug

But even there the attacker first has to gain root in the DomU before he can potentially climb up to Dom0

Still there’s a significant difference in gaining (root) access, and hiding the fact that you got it. But indeed neither of both should be possible

About the author

Kris Buytaert is a long time Linux and Open Source Consultant active in Belgium , Europe and the rest of the universe. He is currently working for Inuits Kris is the Co-Author of Virtualization with Xen ,used to be the maintainer of the openMosix HOWTO and author of different technical publications. He is frequently speaking at, or organizing different international conferences He spends most of his time working on Linux Clustering (both High Availability, Scalability and HPC), Virtualisation and Large Infrastructure Management projects hence trying to build infrastructures that can survive the 10th floor test, better known today as the cloud while actively promoting the devops idea ! His blog titled "Everything is a Freaking DNS Problem" can be found at http://www.krisbuytaert.be/blog/

Leave a Comment

Powered by WordPress | Deadline Theme : An AWESEM design