This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

To: david.nospam.hopwood@xxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Sat, 19 Mar 2005 00:29:30 -0600
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Organization: IBM
David Hopwood wrote:

> You can do 1 and 3 just as easily with the Unix domain socket method.
> Although you could also do 2, there's no need (2 is not a flexibility
> advantage, it's just something you have to do to make the port<1024
> method secure).

More importantly, using SCM_CREDENTIALS allows you to pass the actual user credentials over the domain socket.

This is by far the best mechanism as it allows access control to be implemented entirely within the daemon without doing any nasty set[ug]id trickery. Its entire purpose in life is doing exactly what we're trying to do :-)

Anthony Liguori
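
The mechanism described in the message above, as an added example that is not part of the original email or of Xen's code: on Linux, a daemon sets SO_PASSCRED on its Unix domain socket, reads the kernel-filled SCM_CREDENTIALS control message with recvmsg(), and makes its access decision in-process. The names `peer_cred`, `recv_with_cred`, `is_authorized`, the admin-uid policy and the one-byte request are assumptions for illustration, and a socketpair stands in for the daemon's listening socket.

```c
#define _GNU_SOURCE            /* exposes SCM_CREDENTIALS in <sys/socket.h> */
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#ifndef SCM_CREDENTIALS        /* Linux value, in case feature macros hid it */
#define SCM_CREDENTIALS 0x02
#endif
/* Local struct with the same layout as Linux's struct ucred (pid, uid, gid). */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Daemon side: ask the kernel to attach sender credentials to each message. */
int enable_passcred(int fd) {
    int on = 1;
    return setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof on);
}

/* Daemon side: read one request byte plus the credentials the kernel attached.
 * Returns 0 on success, -1 if no well-formed SCM_CREDENTIALS message arrived. */
int recv_with_cred(int fd, char *req, struct peer_cred *out) {
    union { char buf[CMSG_SPACE(sizeof(struct peer_cred))]; struct cmsghdr align; } ctl;
    struct iovec iov = { .iov_base = req, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(fd, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;             /* short read or truncated control data: reject */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof *out)) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return 0;
        }
    }
    return -1;                 /* fail closed when credentials are missing */
}

/* Hypothetical policy: only root or one designated admin uid may issue commands. */
int is_authorized(const struct peer_cred *c, uid_t admin_uid) {
    return c->uid == 0 || c->uid == admin_uid;
}

/* Demo: a client end sends one request byte; the daemon end learns who sent it. */
int demo(struct peer_cred *out) {
    int sv[2], rc = -1; char req = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    if (enable_passcred(sv[0]) == 0 && write(sv[1], "L", 1) == 1)
        rc = recv_with_cred(sv[0], &req, out);
    close(sv[0]); close(sv[1]);
    return rc;
}
```

SO_PASSCRED has to be set before the client sends, otherwise the first message can arrive without credentials, which is why `recv_with_cred` rejects a message that lacks them.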
