From: David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
To: xen-devel@lists.sourceforge.net
Subject: Re: severe security issue on dom0/xend/xm/non-root users
Date: Sat, 05 Mar 2005 03:14:48 +0000 [thread overview]
Message-ID: <42292428.6040307@blueyonder.co.uk> (raw)
In-Reply-To: <1109965655.3355.8.camel@localhost>
Anthony Liguori wrote:
> BTW, Posix doesn't mandate that filesystem permissions are respected
> with unix domain sockets. Linux currently does check the filesystem
> permission bits when opening a unix domain socket. A few notable Unices
> (I think BSD but I'm not sure) don't perform permission checks on domain
> sockets.
>
> The proper way to do permission checking with domain sockets is using
> SCM data.
There are several techniques you could be referring to:
<http://www.whitefang.com/sup/secure-faq.html#LOCAL4>
<http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html>
but they all sound to me like complicated and nonportable hacks. Which one
did you mean?
--
David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
next prev parent reply other threads:[~2005-03-05 3:14 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-04 17:23 severe security issue on dom0/xend/xm/non-root users Adam Heath
2005-03-04 19:01 ` Anthony Liguori
2005-03-04 19:19 ` Rich Persaud
2005-03-04 19:47 ` Anthony Liguori
2005-03-04 19:39 ` Adam Heath
2005-03-04 19:56 ` Bastian Blank
2005-03-05 21:53 ` Rik van Riel
2005-03-05 22:28 ` Bastian Blank
2005-03-06 15:14 ` Tommi Virtanen
2005-03-06 21:14 ` Rik van Riel
2005-03-13 14:55 ` Kurt Garloff
2005-03-13 16:00 ` Rik van Riel
2005-03-13 17:09 ` Kurt Garloff
2005-03-13 21:39 ` David Hopwood
2005-03-13 21:51 ` Kurt Garloff
2005-03-14 14:58 ` Philip R Auld
2005-03-14 15:16 ` Kurt Garloff
2005-03-14 15:54 ` Philip R Auld
2005-03-14 16:13 ` Kurt Garloff
2005-03-14 16:44 ` Anthony Liguori
2005-03-17 6:46 ` Tommi Virtanen
2005-03-17 15:02 ` Kurt Garloff
2005-03-18 9:19 ` Tommi Virtanen
2005-03-18 9:31 ` Kurt Garloff
2005-03-18 11:59 ` Tommi Virtanen
2005-03-19 11:21 ` Nuutti Kotivuori
2005-03-19 2:33 ` David Hopwood
2005-03-19 6:29 ` Anthony Liguori
2005-03-05 3:14 ` David Hopwood [this message]
2005-03-05 7:54 ` Anthony Liguori
2005-03-04 19:35 ` Adam Heath
2005-03-04 19:54 ` Anthony Liguori
2005-03-04 19:47 ` Rich Persaud
2005-03-04 23:19 ` Nicholas Lee
-- strict thread matches above, loose matches on Subject: below --
2005-03-13 17:17 Ian Pratt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42292428.6040307@blueyonder.co.uk \
--to=david.nospam.hopwood@blueyonder.co.uk \
--cc=xen-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.