WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

from [Kurt Garloff] [Permanent Link][Original]
To: Philip R Auld <pauld@xxxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Mon, 14 Mar 2005 16:16:52 +0100
Cc: David Hopwood <david.hopwood@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 14 Mar 2005 15:18:21 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20050314145850.GB6037@xxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <4228B4D3.8020909@xxxxxxxxxxxxx> <1109965655.3355.8.camel@localhost> <20050304195646.GA31213@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0503051651070.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <422B1E47.9050502@xxxxxxxxxxxxx> <Pine.LNX.4.61.0503061613160.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050313145512.GC29310@xxxxxxxxxxxxxxxxx> <4234B2F5.1070205@xxxxxxxxxxxxxxxx> <20050313215122.GC11358@xxxxxxxxxxxxxxxxx> <20050314145850.GB6037@xxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i 
On Mon, Mar 14, 2005 at 09:58:50AM -0500, Philip R Auld wrote:
> Rumor has it that on Sun, Mar 13, 2005 at 10:51:22PM +0100 Kurt Garloff said:
> > Normally, you'd expect that only the sysadmin is able to control
> > virtual machines. This would be the result of this simple tweak.
> 
> Which sysadmin?  Dom0 sysadmin may not be the same as a vm's sysadmin.
> You would not want a VM sysadmin to be able to manage someone else's VM,
> but he may want control over his own. 

The most straightforward approach would be to have dom0 sysadmin to be
the one in control of all the other domains.

Currently all dom0 users are, which is inconvenient, as machines that
are used as desktops will need to have dom0 uers.

Of course, the other domains can have their own root users. This is
not changed by restricting control connections to be originating from
ports < 1024.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpF80C7TWGpH.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [patch/unstable] page table cleanups, Gerd Knorr
Next by Date:  Re: [Xen-devel] usb harddisk problem, Mark Williamson
Previous by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Philip R Auld
Next by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Philip R Auld
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy