LxCenter Forum: Fixed Bugs, Security Issues and Implemented Features » 08/25/2009

HyperVM & Kloxo Support

Forum

Members

Help

Home

Home » Archive » Fixed Bugs, Security Issues and Implemented Features » 08/25/2009 - public HyperVM vuln

Show: Today's Messages :: Show Polls :: Message Navigator

Re: 08/25/2009 - public HyperVM vuln [message #70431 is a reply to message #70330]

Fri, 28 August 2009 12:01

_GrG_

Messages: 14
Registered: June 2009

Member

Done

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70457 is a reply to message #70330]

Fri, 28 August 2009 17:59

arthurthornton

Messages: 2120
Registered: August 2007
Location: Virginia

Grandmaster
LxCenter Staff

This vulnerability affects Xen vms (I just tested it).

I am working on a working patch for Xen.

My Site

[Updated on: Fri, 28 August 2009 18:46]

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70458 is a reply to message #70330]

Fri, 28 August 2009 18:09

yourweb

Messages: 61
Registered: May 2009

Valuable Member

Before there is any new discussion starting about releasing the source:
- There has been choosen to fix the security problems before releasing the code. As far as I know the code will be released, the only problem is that when the code will be released before HyperVM has been released that security problems can be fixed, but it can take some time before every HyperVM server has updated his software and there will be a lot updates. In the mean time the hackers can hack easily a HyperVM cluster or node using the published exploit
- The family and other volunteers have choossen to not release the code until HyperVM is safe again as far as possible with the current code. The only thing they may want to do is update HyperVM at maximum every day with new secured code.
- My opinion: I'm happy that Danny and others are working for free on this system. The code isn't safe and isn't the best, so it is hard to secure the code. HyperVM is a great system, but the code isn't. After the secured version of HyperVM is released they will probably start on V3.0: a version with probably much better code.

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70472 is a reply to message #70458]

Sat, 29 August 2009 01:11

heyhey

Messages: 9
Registered: June 2009

Member

yourweb wrote on Fri, 28 August 2009 18:09

Can you explain:
- why not releasing the code first is increasing security here?
- why it was choosen to fix issue before releasing? What's the goal?
- don't you think with the help of others, it would go faster?
- don't you think that others will see new mistakes (everyone does some)?
- when you release, what license will you choose? This one is very important.

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70473 is a reply to message #70330]

Sat, 29 August 2009 02:20

testbot

Messages: 27
Registered: August 2009
Location: chicago

Member

can you discuss the release of the code and anything else not directly related to the vulnerability in another thread please?

i'm sure i'm not the only one that doesn't want to receive an email you girls post a new reply about who should get what.

i'm only interested in security.

thank you.

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70851 is a reply to message #70457]

Mon, 07 September 2009 00:20

bliss

Messages: 288
Registered: July 2008

Senior Member

arthurthornton wrote on Fri, 28 August 2009 22:59

This vulnerability affects Xen vms (I just tested it).

I am working on a working patch for Xen.

Anywhere closer with a patch for Xen yet?

Would be usedul.

Regards

Jane

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70857 is a reply to message #70851]

Mon, 07 September 2009 00:52

arthurthornton

Messages: 2120
Registered: August 2007
Location: Virginia

Grandmaster
LxCenter Staff

I am still trying at this and I anticipate having a patch today.

My Site

[Updated on: Mon, 07 September 2009 01:19]

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #70984 is a reply to message #70330]

Fri, 11 September 2009 08:44

Danny

Messages: 57
Registered: March 2008

Valuable Member

Bump!

Report message to a moderator

Re: 08/25/2009 - public HyperVM vuln [message #71047 is a reply to message #70984]

Mon, 14 September 2009 06:17

LxCenter_Danny

Messages: 2068
Registered: July 2007
Location: Netherlands

Grandmaster
LxCenter Core Team Member
LxCenter Representative

The deadline for adding a fix to the source/public has passed.
The next opensourced release (maybe october) is without fix!
I hope current Developers learned their lesson Smile

They must focus now on the next tasks with deadlines.

So after opensourced version is released and you know a good fix for both Xen and OpenVZ... enjoy to commit them.