From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jacob Gorm Hansen Subject: Re: Building domains as a lesser user (was Re: boot loaders for domain != 0) Date: Thu, 03 Feb 2005 19:16:37 -0800 Message-ID: <4202E915.4030100@diku.dk> References: <4202CB48.2040704@diku.dk> <4202DB0F.1050102@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <4202DB0F.1050102@codemonkey.ws> Sender: xen-devel-admin@lists.sourceforge.net Errors-To: xen-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , List-Archive: To: Anthony Liguori Cc: xen-devel@lists.sourceforge.net List-Id: xen-devel@lists.xenproject.org Anthony Liguori wrote: > As an alternative, I was trying to see if there was a way do create a > domain as a non-root user. Since root can set up the shared memory > segments, it seems like the builder should be able to drop to a lesser > user. It could even enter a chroot() so that the only potential attack > vector is a syscall exploit (which are rare and well-known enough that > that seems to be acceptable). > If we trust Linux to enforce security, we do not need Xen at all ;-) Jacob ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl