This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-users] XCP: Insecure Distro ?

To: "'A Cold Penguin'" <verycoldpenguin@xxxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] XCP: Insecure Distro ?
From: <admin@xxxxxxxxxxx>
Date: Tue, 10 May 2011 18:11:40 -0500
Delivery-date: Tue, 10 May 2011 16:12:33 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Normal
In-reply-to: <BLU150-w60D638FF9F548697E3BFF0BD870@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Reply-to: admin@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwO4mzwhWJBDfG1TDKG9GMRXKZpEAAhJW6A

You are referring to a “no-no” that refers to multi user situations.  XCP’s dom0 is a single user (root) environment, so you don’t have to worry about hardening the security in the same ways that you would in a multi user Unix SSH environment.  In the case of XCP’s dom0, the passwd file is only “vulnerable” if you are already logged into the dom0 as root.  And if you are already logged in as root, you would not need to worry about the passwd file. 


-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of A Cold Penguin
Sent: Tuesday, May 10, 2011 2:16 AM
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] XCP: Insecure Distro ?


> The points highlighted don't represent security risks if the dom0 is
> properly isolated on a secure management network.

Unfortunately there are some situations where even having an air-gap between networks, is not considered secure enough.
Having the password hashes in world-readable files is basically a no-no, and would mean that this product could not go into production use.
Basically this appears to be a relaxation in security against the 'norm', if this is only required due to keeping different pool members in sync,
I think that investigation should be made into an alternative method of synchronising the members.
Xen-users mailing list