WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

To: Adam Heath <doogie@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Fri, 04 Mar 2005 13:01:45 -0600
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Bastian Blank <waldi@xxxxxxxxxx>
Delivery-date: Fri, 04 Mar 2005 18:52:41 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: IBM
References: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
Any network user can connect to dom0 and also do any of these
operations.

The Xen documents should perhaps make this more aware.

Xend is not designed to provide any sort of security protection out of
the box.  It assumes that you're running on a trusted network.  Just
assume that any person that can ping dom0 has root access to your
system.

This is being addressed.  This isn't a flaw in Xend.  It just wasn't
meant for a security-conscious environment.

Regards,
Anthony Liguori

On Fri, 2005-03-04 at 11:23, Adam Heath wrote:
> Bastian informed me on irc of a very severe security problem with xen.  A
> normal user can run xm, which then just communicates using tcp to xend, to do
> the work.  This allows a normal user to create domains, which then allows a
> normal user to be able to access block devices.
> 
> Doing chmod 700 on the xm binary won't help, as the user could just copy the
> files.
> 
> My suggestion is to have an auth file of some kind in /etc/xen, chmod 700,
> that both xend and xm can then read.  They'd then have to use https to
> communicate.  But that's only if you stick with python.
> 
> Unix domain sockets don't have this problem, as they can query the userid at
> the other end of the socket.
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/xen-devel
-- 
Anthony Liguori
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguori@xxxxxxxxxx
Phone: (512) 838-1208




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel