WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: RE: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

To: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: RE: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Sun, 13 Mar 2005 18:37:07 +0100
Cc: Rik van Riel <riel@xxxxxxxxxx>, Tommi Virtanen <tv@xxxxxxxxxxxxx>, Bastian Blank <waldi@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, ian.pratt@xxxxxxxxxxxx
Delivery-date: Sun, 13 Mar 2005 17:38:47 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3622@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3622@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i
Hi Ian,

On Sun, Mar 13, 2005 at 05:17:38PM -0000, Ian Pratt wrote:
> I think this is a good first step, and pretty easy to implement.

... if you know twisted well enough. I did not invest much time,
but I failed.

I had a short look and thought that adding something like

    def connectionMade(self):
       if self.transport:
           log.info("xend: connect from host %s, port %ui" % \
                       (self.transport.client[0], self.transport.client[1]))
           if self.transport.client[1] >= 1024:
               self.loseConnection()

to class EventProtocol in SrvDaemon.py would do the job.

I was wrong ... the log.info never even triggered.

Making this configurable would be a plus as well, I guess.
in XendRoot.py, I had put

    """Default for xend-privileged """
    xend_privileged_default   = '1'

[...]
    def get_xend_privileged(self):
       """Get the setting that controls whether xend only accepts connections
       from privileged ports.
       """
       return self.get_config_value('xend-privileged', 
self.xend_privileged_default)


And then these pieces would need to be connected.
And xm taught to try grabbing a privileged port.

> Volunteers?

Someone more familiar with the xend implementation should be more
successful than me.

> With the next generation of tools we could insist on using SSL and thus
> that the client have an appropriate certificate.

That's the full blown approach, of course, as it would enable you to
allow remote control.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpEL6QaeXQrQ.pgp
Description: PGP signature