
Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users



On Fri, Mar 04, 2005 at 01:47:35PM -0600, Anthony Liguori wrote:
> You can't stop local connections from non-root users but there's not a
> whole lot of reason to have non-root users in domain-0 anyway.

Fedora wants to adopt xen and I don't think they remove the VGA-card
from domain 0.

> BTW, Posix doesn't mandate that filesystem permissions are respected
> with unix domain sockets.  Linux currently does check the filesystem
> permission bits when opening a unix domain socket.  A few notable Unices
> (I think BSD but I'm not sure) don't perform permission checks on domain
> sockets.

But for directories.

> The proper way to do permission checking with domain sockets is using
> SCM data.

No, it is not.

Bastian

-- 
One does not thank logic.
                -- Sarek, "Journey to Babel", stardate 3842.4
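
The two access controls discussed in this thread, as an added example that is not part of the original messages or of xend's code: the socket is bound inside a mode-0700 directory (the directory check), and the server reads the connecting peer's uid before serving it. Assumptions: Linux, with the SO_PEERCRED socket option used in place of an SCM_CREDENTIALS ancillary message; the directory and socket names are hypothetical.

```python
import os
import socket
import struct
import tempfile

def bind_in_private_dir(parent):
    """Bind a listening Unix socket inside a directory only its owner can search."""
    sock_dir = os.path.join(parent, "ctl")   # hypothetical directory name
    os.mkdir(sock_dir, 0o700)
    os.chmod(sock_dir, 0o700)                # set explicitly, independent of umask
    path = os.path.join(sock_dir, "sock")    # hypothetical socket name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)                           # connect() must traverse sock_dir first
    srv.listen(1)
    return srv, path

def peer_credentials(conn):
    """Return (pid, uid, gid) of the connected peer via SO_PEERCRED (Linux only)."""
    fmt = "iII"                              # struct ucred: pid_t, uid_t, gid_t
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def accept_checked(srv, allowed_uids):
    """Accept one connection; close it unless the peer's uid is allowed."""
    conn, _ = srv.accept()
    _pid, uid, _gid = peer_credentials(conn)
    if uid not in allowed_uids:
        conn.close()
        return None, uid
    return conn, uid

def demo():
    """Constructed demo: connect to our own socket, once allowed and once rejected."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        srv, path = bind_in_private_dir(tmp)
        for allowed in ({os.getuid()}, {os.getuid() + 1}):
            cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            cli.connect(path)
            conn, uid = accept_checked(srv, allowed)
            results.append((conn is not None, uid))
            if conn:
                conn.close()
            cli.close()
        mode = os.stat(os.path.dirname(path)).st_mode & 0o777
        srv.close()
    return mode, results

if __name__ == "__main__":
    print(demo())
```

The directory check is enforced by path resolution and so does not depend on how the OS treats the socket file's own mode bits; the credential check only helps once a connection has already been accepted.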

