From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Mark Williamson <maw48@hermes.cam.ac.uk>
Cc: xen-devel@lists.sf.net
Subject: Re: protecting xen startup
Date: Tue, 23 Nov 2004 20:51:52 +0000 [thread overview]
Message-ID: <20041123205152.GA5146@lkcl.net> (raw)
In-Reply-To: <Pine.LNX.4.60.0411231802570.3258@hermes-1.csi.cam.ac.uk>
On Tue, Nov 23, 2004 at 06:07:52PM +0000, Mark Williamson wrote:
> >i notice that there's a management interface on port 8000.
>
> There are currently two HTTP-based management interfaces. Once of them is
> the Xensv web interface, the other is the Xend HTTP-based API, which is
> used by both the command line xm tool and Xensv to issue commands to Xend.
>
> >i seek to protect this interface such that nothing but a trusted program
> >(think selinux) may run, manage, start up or shut down xen oses.
>
> Currently, anyone who can access Xend's port can issue management
> commands. Xend can optionally be configured to only accept connections
> from localhost, in which case only local users will be able to issue
> commands to it.
okay.
is there anything preventing that interface from being removed, such
that the client/server bit is munged into a single application?
> >is the port 8000 stuff just providing a web server (/etc/init.d/xend)
> >front-end to some extra system calls?
>
> Not exactly. At the Linux Level, there aren't any extra Xen system calls.
> Most commands are issued to Xen by performing ioctls on the
> /proc/xen/privcmd file.
GREAT.
that means that it will be possible to lock down at the very least the
access to /proc/xen and later, should it prove worthwhile, to protect
each ioctl with a new selinux security id per ioctl command.
> The commands which are issued through this file
> are largely transparent to XenLinux however, having meaning only when they
> are parsed by Xen.
... that kinda goes without saying :)
> >is the port 8000 stuff actually running in the xen boot-up stuff?
>
> Xend starts its HTTP interface when it starts up and will do anything the
> HTTP interface tells it to do. If Xend isn't running then the HTTP
> interface is not accessible (but you can't do a lot without Xend).
... but there's nothing to prevent the merging of the xend and the xm
programs, bypassing the use of HTTP, right?
ta,
l.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
next prev parent reply other threads:[~2004-11-23 20:51 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-23 17:05 protecting xen startup Luke Kenneth Casson Leighton
2004-11-23 18:07 ` Mike Wray
2004-11-23 21:03 ` Luke Kenneth Casson Leighton
2004-11-23 18:07 ` Mark Williamson
2004-11-23 20:51 ` Luke Kenneth Casson Leighton [this message]
2004-11-23 21:03 ` Ian Pratt
2004-11-23 21:52 ` Luke Kenneth Casson Leighton
2004-11-23 22:00 ` Jan Kundrát
2004-11-24 0:21 ` Luke Kenneth Casson Leighton
2004-11-24 8:17 ` Mark Williamson
2004-11-24 10:39 ` Luke Kenneth Casson Leighton
2004-11-23 22:49 ` Mark Williamson
2004-11-24 0:18 ` [Xen-devel] " Luke Kenneth Casson Leighton
2004-11-24 0:18 ` Luke Kenneth Casson Leighton
2004-11-24 8:27 ` Mark Williamson
-- strict thread matches above, loose matches on Subject: below --
2004-11-23 17:33 Charles Coffing
2004-11-23 17:58 ` Mike Wray
2004-11-23 23:58 Neugebauer, Rolf
2004-11-24 10:53 ` Luke Kenneth Casson Leighton
2004-11-24 11:55 ` Mark Williamson
2004-11-24 11:48 Neugebauer, Rolf
2004-11-24 15:24 ` Luke Kenneth Casson Leighton
2004-11-24 20:24 ` Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041123205152.GA5146@lkcl.net \
--to=lkcl@lkcl.net \
--cc=maw48@hermes.cam.ac.uk \
--cc=xen-devel@lists.sf.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.