[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

To: Philip R Auld <pauld@xxxxxxxxxxx>
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Mon, 14 Mar 2005 16:16:52 +0100
Cc: David Hopwood <david.hopwood@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 14 Mar 2005 15:18:21 +0000
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

On Mon, Mar 14, 2005 at 09:58:50AM -0500, Philip R Auld wrote:
> Rumor has it that on Sun, Mar 13, 2005 at 10:51:22PM +0100 Kurt Garloff said:
> > Normally, you'd expect that only the sysadmin is able to control
> > virtual machines. This would be the result of this simple tweak.
> 
> Which sysadmin?  Dom0 sysadmin may not be the same as a vm's sysadmin.
> You would not want a VM sysadmin to be able to manage someone else's VM,
> but he may want control over his own. 

The most straightforward approach would be to have dom0 sysadmin to be
the one in control of all the other domains.

Currently all dom0 users are, which is inconvenient, as machines that
are used as desktops will need to have dom0 uers.

Of course, the other domains can have their own root users. This is
not changed by restricting control connections to be originating from
ports < 1024.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpgVAV3f4_dr.pgp
Description: PGP signature

Follow-Ups:
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Philip R Auld

References:
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Rich Persaud
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Anthony Liguori
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Bastian Blank
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Rik van Riel
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Tommi Virtanen
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Rik van Riel
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Kurt Garloff
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: David Hopwood
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Kurt Garloff
- Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
  - From: Philip R Auld

Prev by Date: Re: [Xen-devel] [patch/unstable] page table cleanups
Next by Date: Re: [Xen-devel] usb harddisk problem
Previous by thread: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
Next by thread: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.