From: Tommi Virtanen <tv@tv.debian.net>
To: Rik van Riel <riel@redhat.com>
Cc: Bastian Blank <waldi@debian.org>, xen-devel@lists.sourceforge.net
Subject: Re: severe security issue on dom0/xend/xm/non-root users
Date: Sun, 06 Mar 2005 17:14:15 +0200 [thread overview]
Message-ID: <422B1E47.9050502@tv.debian.net> (raw)
In-Reply-To: <Pine.LNX.4.61.0503051651070.31720@chimarrao.boston.redhat.com>
Rik van Riel wrote:
> Note that I do not believe that xend access should be root
> only, people may want to run management software under another
> UID. As long as domain 0 doesn't get any untrusted users,
> things should be fine.
That's not good design. I sincerely think access to any confidential
or security conscious part of xen should be limited, e.g. with a
unix domain socket located in a directory only readable by a certain
group.
If any user in dom0 can do sensitive xm operations, a security bug
in _any_ dom0 networked app allows the attacker to gain remote root.
That is, (xen trusts every user in dom0) implies (in dom0, all security
vulnerabilities give access to root).
Note that if there are harmless xm commands (xm list and so on), they
could be allowed for all users in dom0.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
next prev parent reply other threads:[~2005-03-06 15:14 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-04 17:23 severe security issue on dom0/xend/xm/non-root users Adam Heath
2005-03-04 19:01 ` Anthony Liguori
2005-03-04 19:19 ` Rich Persaud
2005-03-04 19:47 ` Anthony Liguori
2005-03-04 19:39 ` Adam Heath
2005-03-04 19:56 ` Bastian Blank
2005-03-05 21:53 ` Rik van Riel
2005-03-05 22:28 ` Bastian Blank
2005-03-06 15:14 ` Tommi Virtanen [this message]
2005-03-06 21:14 ` Rik van Riel
2005-03-13 14:55 ` Kurt Garloff
2005-03-13 16:00 ` Rik van Riel
2005-03-13 17:09 ` Kurt Garloff
2005-03-13 21:39 ` David Hopwood
2005-03-13 21:51 ` Kurt Garloff
2005-03-14 14:58 ` Philip R Auld
2005-03-14 15:16 ` Kurt Garloff
2005-03-14 15:54 ` Philip R Auld
2005-03-14 16:13 ` Kurt Garloff
2005-03-14 16:44 ` Anthony Liguori
2005-03-17 6:46 ` Tommi Virtanen
2005-03-17 15:02 ` Kurt Garloff
2005-03-18 9:19 ` Tommi Virtanen
2005-03-18 9:31 ` Kurt Garloff
2005-03-18 11:59 ` Tommi Virtanen
2005-03-19 11:21 ` Nuutti Kotivuori
2005-03-19 2:33 ` David Hopwood
2005-03-19 6:29 ` Anthony Liguori
2005-03-05 3:14 ` David Hopwood
2005-03-05 7:54 ` Anthony Liguori
2005-03-04 19:35 ` Adam Heath
2005-03-04 19:54 ` Anthony Liguori
2005-03-04 19:47 ` Rich Persaud
2005-03-04 23:19 ` Nicholas Lee
-- strict thread matches above, loose matches on Subject: below --
2005-03-13 17:17 Ian Pratt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=422B1E47.9050502@tv.debian.net \
--to=tv@tv.debian.net \
--cc=riel@redhat.com \
--cc=waldi@debian.org \
--cc=xen-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.