| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections
So, here's my concerns:
1) ports < 1024 are reserved although 732 is currently unassigned
2) unix domain sockets would solve the same problem
3) this approach is not flexible for finer grain control
4) you still have to find a way to deal with the consoles
5) you still have to deal with xfrd
With all that said, I'd like to see this applied as it's better than
leaving everything out in the open.
Regards,
Anthony Liguori
Kurt Garloff wrote:
Hi,
as discussed previously, I went ahead and introduced a setting that
allows you to restrict the stuff you can when controlling xen by
connecting to the port 8000 unless you connect from a privileged
port.
I did not yet bother to look at the event port nor did I try to address
the consoles. The consoles will be done in a second patch if this
approach is deemed appropriate.
Note that I also do still allow unprivileged connections still to gather
most of the information. This can be debated, but I'm not such a big fan
of security by obscurity.
I hope I did not miss anything important for the control stuff.
The patch also fixes one typo (missing ") in SrvNode.py.
Regards,
-------------------------------------------------------
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_id=6882&alloc_id=15148&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
|
|
| |
|
Home