xen-devel
Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
On Fri, 4 Mar 2005, Anthony Liguori wrote:
> Any network user can connect to dom0 and also do any of these
> operations.
Very simple to firewall it off from remote, or even only attached to
localhost.
> The Xen documents should perhaps make this more aware.
> Xend is not designed to provide any sort of security protection out of
> the box.  It assumes that you're running on a trusted network.  Just
> assume that any person that can ping dom0 has root access to your
> system.
> This is being addressed.  This isn't a flaw in Xend.  It just wasn't
> meant for a security-conscious environment.
Once the xen packages are accepted out of Debian's incoming queue, I can be
assured of having this bug filed, and it being tagged security.  It *is* a
problem.  Saying it wasn't designed with this in mind doesn't make it a
non-issue.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel