[89748] in North American Network Operators' Group
Re: OT: Xen
daemon@ATHENA.MIT.EDU (Matthew Palmer)
Mon Apr 3 19:51:48 2006
Date: Tue, 4 Apr 2006 08:11:32 +1000
From: Matthew Palmer <mpalmer@hezmatt.org>
To: nanog list <nanog@merit.edu>
In-Reply-To: <6.1.1.1.2.20060403120237.03712a48@mail.dmcontact.com>
Errors-To: owner-nanog@merit.edu

On Mon, Apr 03, 2006 at 12:05:25PM -0700, Eric Frazier wrote:
> machine for stuff I know could lead to problems like that. But that brings
> up another question, how far isolated are different instances from each
> other really?

Fairly well -- a lot better than (e.g.) vservers, and almost certainly better
than UMLs. To get into the host, you'd need to subvert one of the backend
drivers via the guest in such a way that you got the ability to run some
sort of subversive command in the host. The possibility of a DoS (crash) is
much higher than a take-over compromise, but even then it's not something
I'd be inclined to worry about deeply.

- Matt