[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users



Rumor has it that on Sun, Mar 13, 2005 at 10:51:22PM +0100 Kurt Garloff said:
> Hi David,
> 
> On Sun, Mar 13, 2005 at 09:39:01PM +0000, David Hopwood wrote:
> > Kurt Garloff wrote:
> > >Why not just require the other end of the socket to be below 1024?
> > 
> > Please don't. The permission should be something that can be specifically
> > granted to a user or group id, not that requires root. Requiring root
> > tends to cause as many security problems as it solves.
> 
> I disagree.
> 
> Normally, you'd expect that only the sysadmin is able to control
> virtual machines. This would be the result of this simple tweak.
> 

Which sysadmin?  Dom0 sysadmin may not be the same as a vm's sysadmin.
You would not want a VM sysadmin to be able to manage someone else's VM,
but he may want control over his own. 


Cheers,

Phil


-- 
Philip R. Auld, Ph.D.                          Egenera, Inc.    
Software Architect                            165 Forest St.
(508) 858-2628                            Marlboro, MA 01752


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.