From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony Liguori Subject: Re: severe security issue on dom0/xend/xm/non-root users Date: Sat, 19 Mar 2005 00:29:30 -0600 Message-ID: <423BC6CA.7010004@us.ibm.com> References: <422B1E47.9050502@tv.debian.net> <20050313145512.GC29310@tpkurt.garloff.de> <4234B2F5.1070205@blueyonder.co.uk> <20050313215122.GC11358@tpkurt.garloff.de> <20050314145850.GB6037@vienna.egenera.com> <20050314151652.GE11417@tpkurt.garloff.de> <20050314155421.GD6037@vienna.egenera.com> <20050314161316.GM11417@tpkurt.garloff.de> <423927DB.3040305@tv.debian.net> <20050317150230.GW11685@tpkurt.garloff.de> <423A9D38.9080601@tv.debian.net> <423B8F76.9060602@blueyonder.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <423B8F76.9060602@blueyonder.co.uk> Sender: xen-devel-admin@lists.sourceforge.net Errors-To: xen-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , List-Archive: To: david.nospam.hopwood@blueyonder.co.uk Cc: xen-devel@lists.sourceforge.net List-Id: xen-devel@lists.xenproject.org David Hopwood wrote: > You can 1 and 3 just as easily with the Unix domain socket method. > Although you could also do 2, there's no need (2 is not a flexibility > advantage, it's just something you have to do to make the port<1024 > method secure). More importantly, using SCM_CREDENTIALS allows you to pass the actual user credentials overs the domain socket. This is by far the best mechanism as it allows access control to be implemented entirely within the daemon without doing any nasty set[ug]id trickery. Its entire purpose in life is doing exactly what we're trying to do :-) Regards, Anthony Liguori ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click