| To: | Nick Anderson <nick@xxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-users] Best way to use Xen to segment & protect |
| From: | weiming <zephyr.zhao@xxxxxxxxx> |
| Date: | 2009年2月17日 16:56:58 -0500 |
| Cc: | "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>, Rick Flower <rickf@xxxxxxxxxxxxx> |
| Delivery-date: | 2009年2月17日 13:58:14 -0800 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=9NPKijsBbj+S+OO0pWE4X31RttVC783A8kwO9zEQQeM=; b=qb6KAnQpbX+tUBMatQW1ISsp0e3AD/iAybqgNdXTH8ck4TNrL5Uqt3C7QfNqz7HT4o kQFldkk55N1pWxQzDa2Sh+2nzA/fSU/YzT4Utp1NkoyagpoVS3V01Y/TBSRwXpugqhZK 3CJOoWXKD1+v3Nkl4SJBqk5Kjjz2GdiLBtVp0= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=sixhlGQ85VOfimOTJq2/oBE/yvGCCJB+nSowm1ZcgkJEc5Snh8sqMQK3h2zKsfXlGt TDu/4A+VEF1MQZI8VJUOnTHo4+njPe9FLyBcKUlnmBTi3LuaKTVc6/ypJjygTLTAw+1L 3boRlFh0DvGyhVaZOFypdRV/9ZlvnOyeAT5VI= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <20090217214112.GK18265@tp > |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| References: | <481F5E65-E562-413F-8D2C-5B1F698D6E66@xxxxxxxxxxxxx> <20090217205551.GI18265@tp > <25D58C48-CD53-4731-B75A-736D4B0E4D40@xxxxxxxxxxxxx> <20090217214112.GK18265@tp > |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
On Tue, Feb 17, 2009 at 01:29:29PM -0800, Rick Flower wrote:Yes I believe so
> Thanks for the info Nick... Regarding the root escalation mentioned
> above -- have there been issues with this in the past?
http://secunia.com/advisories/26986/
> Also, I guess it would help to have the domU that Apache is using toInside a domU you would want any protections you would have on any
> have tools such as Tripwire and other related tools to keep thing from
> getting too far...
other server.
> If you're in a domU, can you tell that it's a virtual server? If notYes if its a paravirtualized machine.
> then perhap it's less likely to break out and escalate to dom0...?
> Is it possible to have a domU mount a different filesystem than dom0?Not quite sure what you mean here.
> Sorry for the numerous questions...
--
Nick Anderson <nick@xxxxxxxxxxxx>http://www.cmdln.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmbLvgACgkQXkxp94vgneadyQCeJi7asoe76GoNsGP薳舟䡼
Co8AoIXovsJ7ESdPCpplNiqcYjaLX2Se
=ItZu
-----END PGP SIGNATURE-----
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-users] XEN and NICS , Hans Pfeil |
|---|---|
| Next by Date: | Re: [Xen-users] Best way to use Xen to segment & protect , Rick Flower |
| Previous by Thread: | Re: [Xen-users] Best way to use Xen to segment & protect , Nick Anderson |
| Next by Thread: | Re: [Xen-users] Best way to use Xen to segment & protect , Rick Flower |
| Indexes: | [Date] [Thread] [Top] [All Lists] |