RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections
> > 1) ports < 1024 are reserved although 732 is currently unassigned
>
> Note that NFS uses such ports without asking prior permission.
> I chose 732 because it's unassigned indeed.
Grabbing any port <1024 should do, there's no need to just go for 732,
but have a series of ports that are tried.
> > 2) unix domain sockets would solve the same problem
>
> Yes. There's one but:
>
> With the patch you can currently configure xend from completely
> open (xend-address '' and xend-privileged-port 0)
> to closed (xend-address 'localhost' and xend-privileged-port 1)
> except for root (and stuff I overlooked or did not do yet).
>
> If you go for Unix domain sockets instead of TCP, you lose the ability
> of remote control. Unless you support both.
>
> I did not investigate how difficult to do that would be.
> If you have a patch, I'd volunteer to review :-)
For Xen 2.x, unix domain sockets would be too much of a pain to
implement over Twisted. Kurt's approach gets us closer toward 'secure by
default'.
Xen 3 will be very different.
> > 4) you still have to find a way to deal with the consoles
>
> Before I start working on getting the consoles under control, I
> wanted to see whether this approach is acceptable at all.
I think it's a good band-aid.
Perhaps a better way to handle consoles would be to use 'screend', and
then have incoming ssh connections dispatched to particular screen
sessions.
> > 5) you still have to deal with xfrd
>
> It seems to listen on *:8002 ...
> Is there no authentication either? Sigh.
>
> And we probably need to look into the event channel (8001) as well.
Xfrd needs an option to listen only on localhost. (It's still needed for
save/restore even if you don't use migrate).
The event channel only ever needs to be localhost (and could probably be
turned into a unix domain socket quite easily).
Ian
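As an added illustration, not code from the patch or from xend itself: the two settings discussed above (xend-address and xend-privileged-port) mapped onto a small loopback TCP server. Function names, the reply strings and the demo client are assumptions; the privileged-port check only attests that the connecting process was root on its own host, so it is paired here with a localhost bind.

```python
import socket
import threading

PRIVILEGED_PORT_LIMIT = 1024  # on Unix only root may bind a source port below this


def bind_address(xend_address):
    """xend-address '' means every interface; 'localhost' restricts to the loopback."""
    return xend_address if xend_address else "0.0.0.0"


def peer_is_privileged(peer_port):
    """A source port < 1024 shows the connecting process ran as root on *its* host.
    That says nothing about who controls that host, so the check is only meaningful
    together with xend-address 'localhost' (or another trusted-host restriction)."""
    return 0 < peer_port < PRIVILEGED_PORT_LIMIT


def accept_peer(peer_addr, xend_privileged_port):
    """Policy for one accepted connection (hypothetical); returns (accepted, reason)."""
    ip, port = peer_addr[:2]
    if xend_privileged_port and not peer_is_privileged(port):
        return False, "unprivileged source port %d from %s" % (port, ip)
    return True, "ok"


def run_demo(xend_privileged_port, host="127.0.0.1"):
    """One-shot loopback server plus a client connecting from an ephemeral port,
    i.e. what any unprivileged local user gets. Returns (client reply, decision)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: the OS picks a free listening port
    srv.listen(1)
    port = srv.getsockname()[1]
    decision = {}

    def serve():
        conn, peer = srv.accept()
        with conn:
            ok, reason = accept_peer(peer, xend_privileged_port)
            decision["result"] = (ok, reason)
            conn.sendall(b"OK\n" if ok else b"DENIED\n")
        srv.close()

    t = threading.Thread(target=serve)
    t.start()
    with socket.create_connection((host, port)) as client:
        reply = client.recv(16).strip().decode()
    t.join(timeout=5)
    return reply, decision["result"]


if __name__ == "__main__":
    for setting in (0, 1):
        print("xend-privileged-port %d -> %s" % (setting, run_demo(setting)))
```

With xend-privileged-port 1 the ephemeral-port client is refused; a root client bound to a port such as 732 would pass accept_peer.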