From: Anthony Liguori <aliguori@us.ibm.com>
To: Kurt Garloff <garloff@suse.de>
Cc: Xen development list <xen-devel@lists.sourceforge.net>
Subject: Re: [PATCH] xen-2.0: privileged port connections
Date: Wed, 23 Mar 2005 11:03:39 -0600 [thread overview]
Message-ID: <4241A16B.5080504@us.ibm.com> (raw)
In-Reply-To: <20050323165739.GR12479@tpkurt.garloff.de>
Kurt Garloff wrote:
>Hi Anthony,
>
>On Wed, Mar 23, 2005 at 09:41:24AM -0600, Anthony Liguori wrote:
>
>
>>So, here's my concerns:
>>
>>1) ports < 1024 are reserved although 732 is currently unassigned
>>
>>
>
>Note that NFS uses such ports without asking prior permission.
>I chose 732 because it's unassigned indeed.
>
I know. That's one of the reasons using this port worries me. There
may be nfs related conflicts.
>>4) you still have to find a way to deal with the consoles
>>
>>
>
>Before I start working on getting the consoles under control, I
>wanted to see whether this approach is acceptable at all.
>
>
How would you extend this to consoles? Each console can't have it's own
privileged port :-)
>>5) you still have to deal with xfrd
>>
>>
>
>It seems to listen on *:8002 ...
>Is there no authentication either? Sigh.
>
>
Nope. I think there are a few options. We could use hosts.allow or
something similiar, we could restrict it to subnets, or we could try and
implement some sort of authentication mechanism.
Perhaps shutting it off by default and making it clear that it is
insecure is enough.
>And we probably need to look into the event channel (8001) as well.
>
>
Yeah.
>But for Xen-2, let's try to find a pragmatic way that enables desktop
>users to install and test xen without raising too many security
>concerns.
>
>
I full-heartedly agree. I'll gladly help out on this effort.
Regards,
Anthony Liguori
>Regards,
>
>
-------------------------------------------------------
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
next prev parent reply other threads:[~2005-03-23 17:03 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-23 12:36 [PATCH] xen-2.0: privileged port connections Kurt Garloff
2005-03-23 15:41 ` Anthony Liguori
2005-03-23 16:57 ` Kurt Garloff
2005-03-23 17:03 ` Anthony Liguori [this message]
2005-03-23 17:23 ` Kurt Garloff
2005-03-23 17:45 ` Anthony Liguori
2005-03-23 18:06 ` Rik van Riel
2005-03-23 17:36 ` Nivedita Singhvi
2005-03-24 7:31 ` David Hopwood
-- strict thread matches above, loose matches on Subject: below --
2005-03-23 17:43 Ian Pratt
2005-03-23 17:59 ` Ryan Harper
2005-03-24 19:06 ` Tommi Virtanen
2005-03-24 19:56 ` Anthony Liguori
2005-03-23 18:51 Ian Pratt
2005-03-23 19:27 ` Anthony Liguori
2005-03-23 21:37 ` Christian Limpach
2005-03-23 23:58 ` Kurt Garloff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4241A16B.5080504@us.ibm.com \
--to=aliguori@us.ibm.com \
--cc=garloff@suse.de \
--cc=xen-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.