Re: Is pci-pasthrough enabled for F9 DomU?

On Wed, May 14, 2008 at 9:54 AM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
> On Tue, May 13, 2008 at 04:55:04PM -0700, snowcrash+xen@xxxxxxxxx wrote:
>  > ouch!  a large %age of the boxes we deploy have a firewall/DomU and
>  > a NAS/DomU, each with dedicated, pass'd-thru NICs.  without passthru,
>  > performance is lousy.
>
>  You're aware that PCI passthrough is insecure?  Someone who gets root
>  access to a guest can reprogram the NICs (trivially) to read or write
>  any area of memory in any guest or the dom0.  This might be pertinent
>  information if you were expecting your firewall to provide isolation.

I figured that a domU having direct hardware access would open
security holes; however, the VM I built is for monitoring our Internet
connection, and I couldn't figure a way to sniff that traffic without
direct hardware access.  It's a tightly secured VM with only pinhole
access to it in any case.  If there's a better way to configure a VM
for traffic sniffing, I'd be interested in hearing...

Regards,
David
-- 
David L. Parsley
Manager of Network Services, Bridgewater College
"If I have seen further, it is by standing on ye shoulders of giants"
- Isaac Newton

--
Fedora-xen mailing list
Fedora-xen@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-xen
