WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] XCP: Insecure Distro ?

To: Michael South <msouth@xxxxxxxxxx>
Subject: Re: [Xen-users] XCP: Insecure Distro ?
From: Adrien Guillon <aj.guillon@xxxxxxxxx>
Date: Wed, 11 May 2011 16:45:00 -0400
Cc: Xen List <xen-users@xxxxxxxxxxxxxxxxxxx>, Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Delivery-date: Wed, 11 May 2011 13:46:27 -0700
In-reply-to: <62827A69-7645-4EBD-88AF-4E94251D9B17@xxxxxxxxxx>
References: <4DCA050E.9090807@xxxxxxxxxxx> <7A1AC784-16EB-4BF0-9020-27B6323EFBA8@xxxxxxxxxx> <62827A69-7645-4EBD-88AF-4E94251D9B17@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

> In this case, adding a shadow file will not actually increase security. The
> best it could do would be to provide "check the box" "warm and fuzzies" for 
> people who do not understand shadow's purpose. As such, it would be a _false_ 
> sense of security. This may be the case here; "if I have shadow files, then 
> it's safe to expose the dom0 login to the bare internet."

I don't believe this, rather I believe that if any daemon has a
problem at all... literally anything since it's globally readable...
the hash can be exposed.  I think that the discussion started to go
onto a tangent on security of management interfaces and all of these
topics which are indeed important, but tangential.  The security of
the system is now determined by the lowliest application, some defunct
Perl script running as "nobody" can now expose a password hash.  Yes,
as we discussed, we can isolate the network.  But I think you all have
to see that even with it isolated, the problem is still there.

As evidenced by this thread, there is quite a bit of good information
on "how Xen is meant to be used" which was not evident to me in the
documentation that I read.  I think that a nice wiki page on "best
practices" or "suggested setup" could convey to the rest of the world
what you have taken the time to convey to me.  Heck, someone can
probably write a nice article based on some of the ideas brought up in
this thread.  This would do a lot for others who are looking at Xen as
I was.

I still will not budge on the problems with /etc/passwd.  I understand
the evidence and arguments presented.  However, the issue is that any
user (I'm talking system users, not people here) can get access, even
if it is on "the internal network".  We have discussed the need to
separate a potentially insecure interface from the "big bad Internet",
and I agree fully with this.  However, in my view there is still a
problem.  It's like saying "yes, yes... if you ping the system it will
email you the password... but we don't allow ping see, we put it on a
separate isolated network where ping is not allowed... where do you
see a problem?!"  I believe, personally, this is avoidance of a
problem, and when it comes to open-source software I think problems
should be confronted, that is why I am here.

Regarding updates, could it be that shifting XCP to a Debian-based
distribution will help?  I admit I have some bias, since I prefer
Debian-based distros (although I did have a fling with Gentoo for a
few years, but it's over between us).  Should we, perhaps, make a
concerted effort to adjust XCP to be a hardened distro rather than
just a fork of something put out by Citrix?  This discussion likely
belongs on the devel list, but I just wanted to put it out there.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
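
The concern raised in this message, that hashes stored in a world-readable /etc/passwd are visible to every local account, can be audited directly. The following is an added example, not part of the original message and not XCP code: it parses passwd-format text and reports accounts whose second field holds a hash (including one hidden behind a "!" lock marker) or is empty. The sample entries, function names and scheme table are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in /etc/passwd format; the hash strings are fake.
SAMPLE_PASSWD = """\
root:$1$fakesalt$CONSTRUCTEDnotARealHash0:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
legacy:ab0CONSTRUCT1:500:500::/home/legacy:/bin/sh
parked:!$6$fakesalt$CONSTRUCTEDnotARealHash1:501:501::/home/parked:/bin/sh
guest::502:502::/home/guest:/bin/sh
"""

MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify(field):
    """Return what the second passwd field holds."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"              # hash lives in /etc/shadow
    body = field.lstrip("!*")          # a lock marker can prefix a real hash
    if body.startswith("$"):
        return "hash:" + MODULAR.get(body.split("$")[1], "unknown-scheme")
    if DES_CRYPT.fullmatch(body):
        return "hash:des-crypt"
    return "locked"                    # "*", "!", "!!" and similar


def audit_passwd(text):
    """List (user, finding) for entries that expose a hash or need none."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue                   # blank, comment or malformed line
        kind = classify(fields[1])
        if kind == "empty" or kind.startswith("hash:"):
            findings.append((fields[0], kind))
    return findings


def world_readable(path):
    """True when 'other' has read permission on path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```

On a real host, audit_passwd(open("/etc/passwd").read()) lists the affected accounts, and world_readable("/etc/shadow") should return False.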