From: Anthony Liguori
Subject: Re: Xend listening for TCP HTTP?
Date: Thu, 15 Dec 2005 16:16:02 -0600
Message-ID: <43A1EB22.3050001@us.ibm.com>
In-Reply-To: <43A1EA68.7060908@us.ibm.com>
References: <43A1EA68.7060908@us.ibm.com>
To: Anthony Liguori
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

Ok, I confirmed this: out of the box, accessing http://localhost:8000/xen/domain as a lesser-privileged user allows one to do very bad things.

Regards,

Anthony Liguori

Anthony Liguori wrote:
> Hi,
>
> On IRC, it came up that recent snapshots of Xend are now listening for
> TCP HTTP connections again by default. Since it's still listening on
> a Unix socket and xm will always prefer that, xm still only functions
> as root.
>
> However, less privileged users can still connect to the TCP port and
> through Xend gain root access. This seems like a pretty bad default
> configuration. I poked around on the TCP interface but couldn't seem
> to confirm this (does it only accept s-expression Content-Type now?).
>
> Thanks for any clarification on this.
>
> Regards,
>
> Anthony Liguori
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel