WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

from [Kurt Garloff] [Permanent Link][Original]
To: Rik van Riel <riel@xxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Sun, 13 Mar 2005 18:09:32 +0100
Cc: Tommi Virtanen <tv@xxxxxxxxxxxxx>, Bastian Blank <waldi@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 13 Mar 2005 17:10:02 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.61.0503131058390.15306@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1109962904.2746.12.camel@localhost> <4228B4D3.8020909@xxxxxxxxxxxxx> <1109965655.3355.8.camel@localhost> <20050304195646.GA31213@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0503051651070.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <422B1E47.9050502@xxxxxxxxxxxxx> <Pine.LNX.4.61.0503061613160.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050313145512.GC29310@xxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0503131058390.15306@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i 
Hi Rik,

On Sun, Mar 13, 2005 at 11:00:27AM -0500, Rik van Riel wrote:
> On Sun, 13 Mar 2005, Kurt Garloff wrote:
> > Why not just require the other end of the socket to be below 1024?
> > If you bind to localhost, that should be enough.
> 
> Because the ability to open connections from ports < 1024
> is a capability, which can be retained by daemons after
> dropping the other root privileges.

Right.
But I don't see a problem with this.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgph14fio3nCf.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Interrupt forwarding, Keir Fraser
Next by Date:  RE: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Ian Pratt
Previous by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rik van Riel
Next by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, David Hopwood
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy