North American Network Operators Group

Re: OT: Xen

  • From: Matthew Palmer
  • Date: Mon Apr 03 19:52:30 2006

On Mon, Apr 03, 2006 at 12:05:25PM -0700, Eric Frazier wrote:
> machine for stuff I know could lead to problems like that. But that brings 
> up another question, how far isolated are different instances from each 
> other really?

Fairly well -- a lot better than (eg) vservers, and almost certainly better
than UMLs.  To get into the host, you'd need to subvert one of the backend
drivers via the guest in such a way that you got the ability to run some
sort of subversive command in the host.  The possibility of a DoS (crash) is
much higher than a take-over compromise, but even then it's not something
I'd be inclined to worry about deeply.

- Matt