Re: severe security issue on dom0/xend/xm/non-root users

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Anthony Liguori <aliguori@us.ibm.com>
To: Rich Persaud <rich.p@xensource.com>
Cc: Adam Heath <doogie@brainfood.com>,
	xen-devel@lists.sourceforge.net, Bastian Blank <waldi@debian.org>
Subject: Re: severe security issue on dom0/xend/xm/non-root	users
Date: Fri, 04 Mar 2005 13:47:35 -0600	[thread overview]
Message-ID: <1109965655.3355.8.camel@localhost> (raw)
In-Reply-To: <4228B4D3.8020909@xensource.com>

On Fri, 2005-03-04 at 13:19, Rich Persaud wrote:
> Anthony Liguori wrote:
> 
> >Xend is not designed to provide any sort of security protection out of
> >the box.  It assumes that you're running on a trusted network.  Just
> >assume that any person that can ping dom0 has root access to your
> >system.
> >  
> >
> How about the config option that restricts Xend to listening only on the 
> loopback network interface?

That's why I was careful to say "out of the box".

There are a number of things you can do to secure Xend.  You can make it
listen to the loopback device, you could use a firewall (which I think
is a more flexible option).

You can't stop local connections from non-root users but there's not a
whole lot of reason to have non-root users in domain-0 anyway.

BTW, Posix doesn't mandate that filesystem permissions are respected
with unix domain sockets.  Linux currently does check the filesystem
permission bits when opening a unix domain socket.  A few notable Unices
(I think BSD but I'm not sure) don't perform permission checks on domain
sockets.

The proper way to do permission checking with domain sockets is using
SCM data.

Regards,

> Rich
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
-- 
Anthony Liguori
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguori@us.ibm.com
Phone: (512) 838-1208




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

next prev parent reply	other threads:[~2005-03-04 19:47 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-04 17:23 severe security issue on dom0/xend/xm/non-root users Adam Heath
2005-03-04 19:01 ` Anthony Liguori
2005-03-04 19:19   ` Rich Persaud
2005-03-04 19:47     ` Anthony Liguori [this message]
2005-03-04 19:39       ` Adam Heath
2005-03-04 19:56       ` Bastian Blank
2005-03-05 21:53         ` Rik van Riel
2005-03-05 22:28           ` Bastian Blank
2005-03-06 15:14           ` Tommi Virtanen
2005-03-06 21:14             ` Rik van Riel
2005-03-13 14:55               ` Kurt Garloff
2005-03-13 16:00                 ` Rik van Riel
2005-03-13 17:09                   ` Kurt Garloff
2005-03-13 21:39                 ` David Hopwood
2005-03-13 21:51                   ` Kurt Garloff
2005-03-14 14:58                     ` Philip R Auld
2005-03-14 15:16                       ` Kurt Garloff
2005-03-14 15:54                         ` Philip R Auld
2005-03-14 16:13                           ` Kurt Garloff
2005-03-14 16:44                             ` Anthony Liguori
2005-03-17  6:46                             ` Tommi Virtanen
2005-03-17 15:02                               ` Kurt Garloff
2005-03-18  9:19                                 ` Tommi Virtanen
2005-03-18  9:31                                   ` Kurt Garloff
2005-03-18 11:59                                     ` Tommi Virtanen
2005-03-19 11:21                                       ` Nuutti Kotivuori
2005-03-19  2:33                                   ` David Hopwood
2005-03-19  6:29                                     ` Anthony Liguori
2005-03-05  3:14       ` David Hopwood
2005-03-05  7:54         ` Anthony Liguori
2005-03-04 19:35   ` Adam Heath
2005-03-04 19:54     ` Anthony Liguori
2005-03-04 19:47       ` Rich Persaud
2005-03-04 23:19       ` Nicholas Lee
  -- strict thread matches above, loose matches on Subject: below --
2005-03-13 17:17 Ian Pratt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1109965655.3355.8.camel@localhost \
    --to=aliguori@us.ibm.com \
    --cc=doogie@brainfood.com \
    --cc=rich.p@xensource.com \
    --cc=waldi@debian.org \
    --cc=xen-devel@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.