From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Hopwood Subject: Re: severe security issue on dom0/xend/xm/non-root users Date: Sat, 05 Mar 2005 03:14:48 +0000 Message-ID: <42292428.6040307@blueyonder.co.uk> References: <1109962904.2746.12.camel@localhost> <4228B4D3.8020909@xensource.com> <1109965655.3355.8.camel@localhost> Reply-To: david.nospam.hopwood@blueyonder.co.uk Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <1109965655.3355.8.camel@localhost> Sender: xen-devel-admin@lists.sourceforge.net Errors-To: xen-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , List-Archive: To: xen-devel@lists.sourceforge.net List-Id: xen-devel@lists.xenproject.org Anthony Liguori wrote: > BTW, Posix doesn't mandate that filesystem permissions are respected > with unix domain sockets. Linux currently does check the filesystem > permission bits when opening a unix domain socket. A few notable Unices > (I think BSD but I'm not sure) don't perform permission checks on domain > sockets. > > The proper way to do permission checking with domain sockets is using > SCM data. There are several techniques you could be referring to: but they all sound to me like complicated and nonportable hacks. Which one did you mean? -- David Hopwood ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click