WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xend listening for TCP HTTP?

from [Nivedita Singhvi] [Permanent Link][Original]
To: Anthony Liguori <aliguori@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xend listening for TCP HTTP?
From: Nivedita Singhvi <niv@xxxxxxxxxx>
Date: Thu, 15 Dec 2005 15:43:20 -0800
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 15 Dec 2005 23:45:25 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <43A1EB22.3050001@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <43A1EA68.7060908@xxxxxxxxxx> <43A1EB22.3050001@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (X11/20050923) 
Anthony Liguori wrote:
Ok, I confirmed this, out of the box, accessing http://localhost:8000/xen/domain as a lesser-privileged user allows one to do very bad things. 

Anthony, were you using the default xend-config.sxp?

Currently, although the default is off for http support
in xend, the default config file turns it on:

#(xend-http-server no)
(xend-http-server yes)

Note that it is restricted to local users, though:

# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
#(xend-address '')
(xend-address localhost)

I'm about to submit a patch to turn this off in the default
file that's installed, as it's generally the case that most
people won't change it...

thanks,
Nivedita


Regards,

Anthony Liguori

Anthony Liguori wrote:


Hi,
On IRC, it came up that recent snapshots of Xend are now listening for TCP HTTP connections again by default. Since it's still listening on a Unix socket and xm will always prefer that, xm still only functions as root.
However, less privileged users can still connect to the TCP port and through Xend gain root access. This seems like a pretty bad default configuration. I poked around on the TCP interface but couldn't seem to confirm this (does it only accept s-expression Content-Type now?). 

Thanks for any clarification on this.

Regards,

Anthony Liguori

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel





_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] make network-bridge work in more environments, Dave Virtual
Next by Date:  Re: [Xen-devel] Xend listening for TCP HTTP?, Anthony Liguori
Previous by Thread:  Re: [Xen-devel] Xend listening for TCP HTTP?, Anthony Liguori
Next by Thread:  Re: [Xen-devel] Xend listening for TCP HTTP?, Anthony Liguori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy