|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
On Fri, 4 Mar 2005, Bastian Blank wrote: > On Fri, Mar 04, 2005 at 01:47:35PM -0600, Anthony Liguori wrote: > > You can't stop local connections from non-root users but there's not a > > whole lot of reason to have non-root users in domain-0 anyway. > > Fedora wants to adopt xen and I don't think they remove the VGA-card > from domain 0. Indeed. I guess I need to think about restricting connections to xend to localhost only - and maybe even through a unix domain socket instead of a tcp socket ... Note that I do not believe that xend access should be root only, people may want to run management software under another UID. As long as domain 0 doesn't get any untrusted users, things should be fine. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |