Re: [suse-security] does xen improve security?
Joe Knall wrote:
Hi all,
imagine an ftpserver and a webserver running in two xen virtual machines on one box; now say the ftpserver is hacked and the attacker gains root privileges. How much does xen protect the other vm (webserver) against the attacker? Is it as if the webserver was running on a different physical box? In /usr/share/doc/packages/xen the main focus seems to be flexibility rather than security. Anyone with experience?
Running services in separate virtual machines does provide you with *some* security protection, but with 2 major limits:

1. The security of the containment provided by Xen is questionable. Xen 2.0.6 when attacked by crashme lives for only seconds: http://lists.xensource.com/archives/html/xen-devel/2005-08/msg00103.html That means that if you feed "strange" sequences of instructions to a Xen virtual machine, then unpredictable things can happen. Some of those surprising things amount to a way to escape from the virtual machine, which means that it is relatively easy for attackers to find an exploit that would let them hack you. This vulnerability is *conjectured*, but there is no assurance of security either.

2. Virtual machines provide you with *isolation*, which is not very flexible. For instance, if you have the FTP server on a separate VM from your web server, then you cannot use the FTP server to update the web pages.

In contrast, Novell AppArmor was designed specifically for the purpose of securely confining things like your FTP and web servers. I actually presented a tutorial on exactly this topic at Novell Brainshare last week in Barcelona. Here is the official page: https://www28.cplan.com/novell_91_cv/session_details.jsp?isid=274760&ilocation_id=91-1&ilanguage=english and here is a copy of the talk: http://crispincowan.com/~crispin/TUT304_final.sxi

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
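As an added illustration of the isolation-versus-confinement point (this is not from Crispin's talk or any Novell document), here are two AppArmor profiles in current profile syntax: a confined FTP daemon that is still allowed to write the web document root, next to a confined web server that may only read it. The binary paths, config paths, log paths and the docroot are assumptions for the example.

```apparmor
# Added example, not from the original post. Paths are assumed.
#include <tunables/global>

# Confined FTP daemon: may update web pages, but nothing else on the box.
/usr/sbin/ftpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Only the capabilities needed to bind port 21 and drop privileges
  capability net_bind_service,
  capability setuid,
  capability setgid,
  capability sys_chroot,

  /usr/sbin/ftpd mr,
  /etc/ftpd.conf r,
  /var/log/ftpd.log w,

  # The shared docroot: read and write page content, no execute,
  # and no access to anything outside this tree (e.g. /etc/shadow).
  /srv/www/htdocs/ r,
  /srv/www/htdocs/** rw,
}

# Confined web server: the same docroot, read-only.
/usr/sbin/httpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setuid,
  capability setgid,

  /usr/sbin/httpd mr,
  /etc/httpd/** r,
  /var/log/httpd/* w,

  /srv/www/htdocs/ r,
  /srv/www/htdocs/** r,
}
```

Everything a profile does not list is denied and logged, so a compromised FTP daemon with root privileges is still limited to the docroot; the two profiles are loaded with `apparmor_parser -r` and can be switched between complain and enforce mode with `aa-complain` and `aa-enforce`.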
On Fri, 23 Sep 2005, Crispin Cowan wrote:
[...] In contrast, <Novell product> was designed specifically for the purpose of securely confining things like your FTP and web servers. I actually [...]
Crispin, I know that it's effectively Novell running this mailing list but you _will_ - as far as I learned this mailing list over the years - lose some experienced security specialists in this list if you should transform it into a product propagation platform...
From my point of view Novell is nonetheless already on the way to destroy SuSE linux like CBM was in the end on its way to destroy the Amiga platform (maybe faster than Novell will do its job).
While we generally speak about XEN you also didn't mention that both of your points may likely lose substance if you run XEN on a VMS capable processor. Last but not least you managed it to emit your mail without reference headers to chain the ML mails in the thread ("In-Reply-To", "References"). This is bad practice and IMHO not worth a technician or worth a company like Novell/SuSE (choose the matching depending on where the error happened).

Regards
Henning Hucke
--
If at first you don't succeed, try, try again.
The Saturday 2005-09-24 at 11:01 +0200, Henning Hucke wrote:
Last but not least you managed it to emit your mail without reference headers to chain the ML mails in the thread ("In-Reply-To", "References"). This is bad practice and IMHO not worth a technician or worth a company like Novell/SuSE (choose the matching depending on where the error happened).
And it is weird as he is using "Mozilla Thunderbird 1.0.6" in Linux. A number of Novell people I know used "Novell GroupWise Internet Agent 6.5.4", which is known for not being thread aware. I understand the new version has been corrected, but the developers took some convincing, some say :-P

--
Cheers,
Carlos Robinson
On Saturday 24 September 2005 11:01, Henning Hucke wrote:
On Fri, 23 Sep 2005, Crispin Cowan wrote:
[...] In contrast, <Novell product> was designed specifically for the purpose of securely confining things like your FTP and web servers. I actually [...]
Crispin, I know that it's effectively Novell running this mailing list but you _will_ - as far as I learned this mailing list over the years - lose some experienced security specialists in this list if you should transform it into a product propagation platform...
Attachments get stripped out, so there's hardly any propagation going on. I also don't think a single mention of a product by someone who's clearly labelled himself as @novell.com (i.e. no astroturfing) can be considered propaganda.
From my point of view Novell is nonetheless already on the way to destroy SuSE linux like CBM was in the end on its way to destroy the Amiga platform (maybe faster than Novell will do its job).
Interesting observation. From where I'm standing, aside from opening up bugzilla and making the beta testing more open, there is absolutely no difference from what went on before the takeover. Which differences do you imagine yourself seeing?
On Sat, 24 Sep 2005, Anders Johansson wrote:
[...] I also don't think a single mention of a product by someone who's clearly labelled himself as @novell.com (i.e. no astroturfing) can be considered propaganda
Your opinion. I just stated mine.
[...] Interesting observation. From where I'm standing, aside from opening up bugzilla and making the beta testing more open, there is absolutely no difference from what went on before the takeover.
Which differences do you imagine yourself seeing?
Trying to transform a server platform into something about which it is stated that it (also!?) matches user needs without the need to really administer the system. Or from another point of view: If you for instance don't maintain appropriate documentation about rpm you lose "developers" who maintain this huge repository of packages. Where do I find hints or real documentation about how to build patch rpms? Why do I need a *login* to get this "Documentation: SUSE Package Conventions"? This all gets closed up instead of more opened.

Regards
Henning Hucke
--
Set the cart before the horse. -- John Heywood
Or from another point of view: If you for instance don't maintain appropriate documentation about rpm you lose "developers" who maintain this huge repository of packages.
Where do I find hints or real documentation about how to build patch rpms?
This is not necessary for real package distribution. I will bring it up with the maintainer. Btw, deltarpm generation is done by tools from the "deltarpm" package.
Why do I need a *login* to get this "Documentation: SUSE Package Conventions"? This all gets closed up instead of more opened.
I will bring this up internally. This should not be the case.

Ciao, Marcus
On Sun, 25 Sep 2005, Marcus Meissner wrote:
[...]
Where do I find hints or real documentation about how to build patch rpms?
This is not necessary for real package distribution.
This is indeed true. But *I* would really like to be able to build patch rpms. Full stop. And there is obviously the possibility to build such a thing which is obviously not properly documented.
I will bring it up with the maintainer.
Thanks.
Btw, deltarpm generation is done by tools from the "deltarpm" package.
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package? Is this thingy available for 9.0 installations (It is. But where is this information documented?)?
Why do I need a *login* to get this "Documentation: SUSE Package Conventions"? This all gets closed up instead of more opened.
I will bring this up internally. This should not be the case.
Good. But exactly this documents that Novell/SuSE didn't yet reflect enough about the fact that they *need* contributors for the opensuse project and how to ease the work for them.

Regards
Henning
--
"I may not be totally perfect, but parts of me are excellent." -- Ashleigh Brilliant
On Sun, Sep 25, 2005 at 12:14:15PM +0200, Henning Hucke wrote:
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package?
Huh? This is like asking: How would I be able to compile such a C program without the need to use this "gcc" package.
Why do I need a *login* to get this "Documentation: SUSE Package Conventions"? This all gets closed up instead of more opened.
I will bring this up internally. This should not be the case.
Good. But exactly this documents that Novell/SuSE didn't yet reflect enough about the fact that they *need* contributors for the opensuse project and how to ease the work for them.
Sure, this was one of the problems SUSE had in former times and still has, but actually the situation improved in recent years, thus it is not fair to say that things get closed up more and more. The fact that it takes a very long time to improve is not a perfect situation, but most of us know how much work it is to change the way a company works --- and the bigger the company is, the harder it gets. Obviously most people working at a company fear that changing how a company works might destroy the business model of the company and they all lose their jobs. Because of that it is just fair that people often fear and resist these changes.

Robert
--
Robert Schiele Tel.: +49-621-181-2214
Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
Hi *
Robert Schiele wrote:
On Sun, Sep 25, 2005 at 12:14:15PM +0200, Henning Hucke wrote:
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package?
Huh? This is like asking: How would I be able to compile such a C program without the need to use this "gcc" package.
And the answer could be: use that icc thing ;-)

SCNR
Dirk
TRIA IT-consulting GmbH
http://www.tria.de
On Sun, 25 Sep 2005, Robert Schiele wrote:
On Sun, Sep 25, 2005 at 12:14:15PM +0200, Henning Hucke wrote:
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package?
Huh? This is like asking: How would I be able to compile such a C program without the need to use this "gcc" package.
This is like asking "What's the difference between a 'normal' RPM package and a patch RPM package?" so that I can build such a thing even without specialised black boxes!
[...]
Good. But exactly this documents that Novell/SuSE didn't yet reflect enough about the fact that they *need* contributors for the opensuse project and how to ease the work for them.
Sure, this was one of the problems SUSE had in former times and still has, but actually the situation improved in recent years, thus it is not fair to say that things get closed up more and more. The fact that it takes a very long time to improve is not a perfect situation, but most of us know how much work it is to change the way a company works --- and the bigger the company is, the harder it gets.
As has happened to me for years now, somebody describes what the situation is and why it is like it is. But I also have eyes with which I can see what you see. Nonetheless this doesn't really help if the changes take longer than contributors are willing to wait or longer than it takes to lose contributors below a "critical mass". Think about it!
Obviously most people working at a company fear that changing how a company works might destroy the business model of the company and they all lose their jobs. Because of that it is just fair that people often fear and resist these changes.
No comment.

Regards
Henning Hucke
--
Man who falls in vat of molten optical glass makes spectacle of self.
On Oct 2, Henning Hucke <h_hucke@aeon.icebear.org> wrote:
On Sun, 25 Sep 2005, Robert Schiele wrote:
On Sun, Sep 25, 2005 at 12:14:15PM +0200, Henning Hucke wrote:
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package?
Huh? This is like asking: How would I be able to compile such a C program without the need to use this "gcc" package.
This is like asking "What's the difference between a 'normal' RPM package and a patch RPM package?" so that I can build such a thing even without specialised black boxes!
Sorry, but you are wrong. There is no black box. You can get the deltarpm source from your DVD or local SuSE mirror: http://suse.inode.at/pub/i386/9.3/suse/src/deltarpm-2.2-3.src.rpm And detailed documentation about creating patch (delta) rpms is available at /usr/share/doc/packages/deltarpm/README.

Markus
--
Markus Gaugusch markus(at)gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
On Sun, 2 Oct 2005, Markus Gaugusch wrote:
[...] Sorry, but you are wrong. There is no black box. You can get the deltarpm source from your DVD or local SuSE mirror: http://suse.inode.at/pub/i386/9.3/suse/src/deltarpm-2.2-3.src.rpm
"source code" is not "documentation"!
And detailed documentation about creating patch (delta) rpms is available at /usr/share/doc/packages/deltarpm/README.
You call a 5k README "detailed documentation"!? Obviously we have a quite different understanding of "detailed documentation". Anyway: So tell me what the difference between a "normal" and a "patch rpm" is and state the source in this README for every part of your description.

Regards
Henning Hucke
--
Computers are not intelligent. They only think they are.
On Sunday 02 October 2005 6:26 am, Henning Hucke wrote:
Anyway: So tell me what the difference between a "normal" and a "patch rpm" is and state the source in this README for every part of your description.
Geez, what arrogance. Should he come to your house and do your dishes too?

Scott
--
POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/
Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
Hello,
On Sunday, 2 October 2005 15:26, Henning Hucke wrote:
On Sun, 2 Oct 2005, Markus Gaugusch wrote:
[...] And detailed documentation about creating patch (delta) rpms is available at /usr/share/doc/packages/deltarpm/README.
You call a 5k README "detailed documentation"!?
Obviously we have a quite different understanding of "detailed documentation".
Yes. A 5k document is something I would name a "quick start guide", but not "detailed documentation". (At least the file format is described ;-) (And, BTW, README contains wrong command names in 9.3. It's "makedeltarpm", not "prepdeltarpm". Fixed in 10.0.) One of the last German "Linux Magazin" issues had a good article about delta RPM. (I don't know if it's available online yet.)
Anyway: So tell me what the difference between a "normal" and a "patch rpm" is and state the source in this README for every part of your description.
BTW: patch rpm != delta rpm

Regards,
Christian Boltz
--
"Golden rule of Sourcecode: 50% are comments, and the other 50% bugs!"
On Sun, 2 Oct 2005, Christian Boltz wrote:
[...] BTW: patch rpm != delta rpm
Ahhh. Great! A hint given towards delta rpms while I was asking for the nature of patch rpms. There seems to be quite noticeable confusion on this list... Marcus, any comments on this?

Regards
Henning Hucke
--
Getting the job done is no excuse for not following the rules. Corollary: Following the rules will not get the job done.
On Sun, Oct 02, 2005 at 09:55:16AM +0200, Henning Hucke wrote:
On Sun, 25 Sep 2005, Robert Schiele wrote:
On Sun, Sep 25, 2005 at 12:14:15PM +0200, Henning Hucke wrote:
Nice. Really! But how does it work and how would I be able to build such a thing without the need to use this "deltarpm" package?
Huh? This is like asking: How would I be able to compile such a C program without the need to use this "gcc" package.
This is like asking "What's the difference between a 'normal' RPM package and a patch RPM package?" so that I can build such a thing even without specialised black boxes!
The patch RPM just contains the changed files (and the %config files). I have asked the author of the program if he wants to release it, but he did not see the sourcecode fit (qualitywise) for release.

Ciao, Marcus
On Sun, 2 Oct 2005, Marcus Meissner wrote:
[...] The patch RPM just contains the changed files (and the %config files).
I have asked the author of the program if he wants to release it, but he did not see the sourcecode fit (qualitywise) for release.
Is there a howto which describes how to build a patch rpm "by hand"?

Regards
Henning
--
*** NEWSFLASH *** Russian tanks steamrolling through New Jersey!!!! Details at eleven!
I thought I subscribed to the security list, not the discuss list.
--
Mathew E Enders <mathew.enders@prodigy.net>
On Sun, 25 Sep 2005, Mathew E Enders wrote:
I thought I subscribed to the security list, not the discuss list.
There is "suse-security-announce" where you just get the announcements. This *is* AFAIK a discussion list.

Regards
Henning Hucke
--
Talking much about oneself can also be a means to conceal oneself. -- Friedrich Nietzsche
Henning Hucke wrote:
On Fri, 23 Sep 2005, Crispin Cowan wrote:
[...] In contrast, <Novell product> was designed specifically for the purpose of securely confining things like your FTP and web servers. I actually [...]
Crispin, I know that it's effectively Novell running this mailing list but you _will_ - as far as I learned this mailing list over the years - lose some experienced security specialists in this list if you should transform it into a product propagation platform...
I'm sorry you feel that way, but it is my understanding of standard mailing list netiquette that it is appropriate to mention a product if it actually answers someone's question. AppArmor is exactly what Joe Knall needs to achieve his purpose, but he did not know that.
Last but not least you managed it to emit your mail without reference headers to chain the ML mails in the thread ("In-Reply-To", "References"). This is bad practice and IMHO not worth a technician or worth a company like Novell/SuSE (choose the matching depending on where the error happened).
That happened because I was not subscribed to the list at the time Joe posted; someone forwarded his post to me. Since I "replied" to the contents of a forward instead of Joe's original message, the threading information was lost. I have never found a way to preserve threading information from a forwarded post, and would like to learn how if someone actually knows.

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com