Some Ruminations on XEN

While my main focus on this site is Robots (obviously), I am unfortunately not able to spend all my time building little autonomous canine chew toys. My current really big project is building a management system for the Xen Hypervisor. Vaporware concerns aside, I can assure the public that we actually have working code. We just don't want to release it before it is ready. It is the computer equivalent of not wanting everybody in your new PE class to see your tighty whiteys with the big hole in them. We are going to get the code polished before opening the SVN repo for public consumption.

While hacking away on the abstraction layer though, I learned of a few nasty (and not as well known as I would hope) issues with the security layer on Xen. Namely: There isn't one.

That's right folks; if you do not firewall port 8002, and you are running the XenD server, you may as well have offered root to all takers. This is because there is no authentication layer on the XenD server on port 8002 (this is Red Hat centric btw). In their defence, the Xen team are re-engineering the server to fix this issue, but for now, I would totally avoid running Xen on any server with shell account access. Be careful with your mod_proxy settings too if you know what is good for you ;)
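A quick audit for the exposure described above, as an added example that is not part of the original post: it classifies TCP listeners on port 8002 from `ss -ltn` style output. The function names and the sample lines are constructed for illustration, and it assumes `ss` (iproute2) and `awk` are available on the host.

```shell
#!/bin/sh
# Added example: classify listeners on the XenD port named in the post.
XEND_PORT=8002

# Reads `ss -ltn` output on stdin and prints one line per listener on the port:
#   EXPOSED <addr>     bound to a wildcard or non-loopback address; firewall it
#   LOCAL-ONLY <addr>  bound to loopback; remote hosts are blocked, but every
#                      shell user and any local proxy (mod_proxy) can reach it
classify_xend_listeners() {
    awk -v port="$XEND_PORT" '
        $1 == "LISTEN" {
            la = $4                          # "Local Address:Port" column
            n = split(la, parts, ":")
            if (parts[n] != port) next       # not the XenD port
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/^\[/, "", addr)             # strip IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1")
                print "LOCAL-ONLY", addr
            else
                print "EXPOSED", addr
        }'
}

# Constructed sample lines covering each case (not from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:8002       0.0.0.0:*
LISTEN 0      5      127.0.0.1:8002     0.0.0.0:*
LISTEN 0      5      [::1]:8002         [::]:*
EOF
}

# Demo on the sample; on a live host run: ss -ltn | classify_xend_listeners
sample_ss_output | classify_xend_listeners
```

A LOCAL-ONLY result is not a clean bill of health on a multi-user box, which is why the post advises against running Xen where shell accounts exist.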
