[ale] mental tinkering

Jeremy T. Bouse jeremy.bouse at undergrid.net
Thu Mar 19 06:17:55 EDT 2009


	I'm making the assumption you're using Xen given the way you describe
the proposed setup. With Xen the dom0 is the only privileged domain with
access to everything; subsequently each domU virtual machine is an
unprivileged domain and only has access to what it is given. I've not
found any way to break out of the domU and access the dom0 because the
domU is never told about it. As far as the domU is concerned it is the
only machine running. If you only give the second domU (monster) access
to the inside NIC, it won't even know there is a second NIC going to the
outside.

Jim Kinney wrote:
> I have a preference for doing everything in Linux. So a
> brain[storm|strain] I was looking at was a combined firewall machine
> and office lan samba/mail/print server.
> 
> OK so it sounds dumb until I throw in that the two machines are
> virtual ones. So 1 physical box with 2 nics, outside and inside. Dom0
> owns hardware and provides dom1 - firewall, and dom2 - monster all
> else. firewall gets both nics and monster gets virtual on inside.
> 
> Security issues with virtual machines are my concern with this. How
> much "leakage" is there possible from dom1 to break out and control
> dom0?
> 
> How about dom0 as controller AND firewall and dom1 as monster?
> 
> Ideas? Thoughts? Rotten vegetables?
> 
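The layout discussed in this thread (firewall domU on both NICs, monster domU on the inside only) can be checked against the domU config files. This is an added example, not part of the original post: the bridge names `br_outside`/`br_inside`, the sample configs and the helpers `parse_domu`/`audit` are assumptions, and the configs are taken to be Xen xm-style files with Python-syntax assignments.

```python
import ast

# Constructed sample domU configs (xm-style). Names and bridges are assumptions.
FIREWALL_CFG = """
name = 'firewall'
memory = 256
vif = ['bridge=br_outside', 'mac=00:16:3e:00:00:02, bridge=br_inside']
"""
MONSTER_CFG = """
name = 'monster'
memory = 2048
vif = ['bridge=br_inside']
"""
MONSTER_BAD_CFG = """
name = 'monster'
vif = ['bridge=br_inside', 'bridge=br_outside']
"""

def parse_domu(text):
    """Return (name, [bridges]) from literal assignments; nothing is executed."""
    values = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                continue  # non-literal expression: skip rather than evaluate
    bridges = []
    for vif in values.get("vif", []):
        opts = dict(kv.strip().split("=", 1) for kv in vif.split(",") if "=" in kv)
        bridges.append(opts.get("bridge", "<default>"))
    return values.get("name", "<unnamed>"), bridges

def audit(configs, outside="br_outside", allowed=("firewall",)):
    """List (domU, bridge) pairs that reach the outside bridge without being allowed."""
    findings = []
    for text in configs:
        name, bridges = parse_domu(text)
        for b in bridges:
            # A vif with no explicit bridge is flagged too (conservative choice).
            if (b == outside or b == "<default>") and name not in allowed:
                findings.append((name, b))
    return findings

if __name__ == "__main__":
    print(audit([FIREWALL_CFG, MONSTER_CFG]))      # intended layout
    print(audit([FIREWALL_CFG, MONSTER_BAD_CFG]))  # monster wired to outside
```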


