WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

from [Tommi Virtanen] [Permanent Link][Original]
To: Rik van Riel <riel@xxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Tommi Virtanen <tv@xxxxxxxxxxxxx>
Date: Sun, 06 Mar 2005 17:14:15 +0200
Cc: Bastian Blank <waldi@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 07 Mar 2005 09:37:54 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.61.0503051651070.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1109962904.2746.12.camel@localhost> <4228B4D3.8020909@xxxxxxxxxxxxx> <1109965655.3355.8.camel@localhost> <20050304195646.GA31213@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0503051651070.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Debian Thunderbird 1.0 (X11/20050116) 
Rik van Riel wrote:

Note that I do not believe that xend access should be root
only, people may want to run management software under another
UID.  As long as domain 0 doesn't get any untrusted users,
things should be fine.


That's not good design. I sincerely think access to any confidential
or security conscious part of xen should be limited, e.g. with a
unix domain socket located in a directory only readable by a certain
group.

If any user in dom0 can do sensitive xm operations, a security bug
in _any_ dom0 networked app allows the attacker to gain remote root.
That is, (xen trusts every user in dom0) implies (in dom0, all security
vulnerabilities give access to root).

Note that if there are harmless xm commands (xm list and so on), they
could be allowed for all users in dom0.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Bastian Blank
Next by Date:  Re: [Xen-devel] horrible nfs server performance on domU, Kip Macy
Previous by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Bastian Blank
Next by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rik van Riel
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy