WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

To: Tommi Virtanen <tv@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Thu, 17 Mar 2005 16:02:30 +0100
Cc: Philip R Auld <pauld@xxxxxxxxxxx>, David Hopwood <david.hopwood@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 17 Mar 2005 15:36:40 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <423927DB.3040305@xxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <422B1E47.9050502@xxxxxxxxxxxxx> <Pine.LNX.4.61.0503061613160.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050313145512.GC29310@xxxxxxxxxxxxxxxxx> <4234B2F5.1070205@xxxxxxxxxxxxxxxx> <20050313215122.GC11358@xxxxxxxxxxxxxxxxx> <20050314145850.GB6037@xxxxxxxxxxxxxxxxxx> <20050314151652.GE11417@xxxxxxxxxxxxxxxxx> <20050314155421.GD6037@xxxxxxxxxxxxxxxxxx> <20050314161316.GM11417@xxxxxxxxxxxxxxxxx> <423927DB.3040305@xxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i
Hi,

On Thu, Mar 17, 2005 at 08:46:51AM +0200, Tommi Virtanen wrote:
> There's a simple reason why that's not really what you want.
> 
> Imagine two security-sensitive services, with different sets of
> allowed users. Using UNIX domain sockets with filesystem access
> control allows using two groups to list the allowed users for each
> service -- using <1024 source port does not.

It does.
The frontend (that would acquire the privileged socket) would need
to be setuid root for this and then could enforce whatever policies,
much more flexible than the Unix group membership model if you want.

Best regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpChemo8uoOJ.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>