* Xend listening for TCP HTTP? @ 2005-12-15 22:12 Anthony Liguori 2005-12-15 22:16 ` Anthony Liguori 0 siblings, 1 reply; 4+ messages in thread From: Anthony Liguori @ 2005-12-15 22:12 UTC (permalink / raw) To: xen-devel Hi, On IRC, it came up that recent snapshots of Xend are now listening for TCP HTTP connections again by default. Since it's still listening on a Unix socket and xm will always prefer that, xm still only functions as root. However, less privileged users can still connect to the TCP port and through Xend gain root access. This seems like a pretty bad default configuration. I poked around on the TCP interface but couldn't seem to confirm this (does it only accept s-expression Content-Type now?). Thanks for any clarification on this. Regards, Anthony Liguori ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Xend listening for TCP HTTP? 2005-12-15 22:12 Xend listening for TCP HTTP? Anthony Liguori @ 2005-12-15 22:16 ` Anthony Liguori 2005-12-15 23:43 ` Nivedita Singhvi 0 siblings, 1 reply; 4+ messages in thread From: Anthony Liguori @ 2005-12-15 22:16 UTC (permalink / raw) To: Anthony Liguori; +Cc: xen-devel Ok, I confirmed this, out of the box, accessing http://localhost:8000/xen/domain as a lesser-privileged user allows one to do very bad things. Regards, Anthony Liguori Anthony Liguori wrote: > Hi, > > On IRC, it came up that recent snapshots of Xend are now listening for > TCP HTTP connections again by default. Since it's still listening on > a Unix socket and xm will always prefer that, xm still only functions > as root. > > However, less privileged users can still connect to the TCP port and > through Xend gain root access. This seems like a pretty bad default > configuration. I poked around on the TCP interface but couldn't seem > to confirm this (does it only accept s-expression Content-Type now?). > > Thanks for any clarification on this. > > Regards, > > Anthony Liguori > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Xend listening for TCP HTTP? 2005-12-15 22:16 ` Anthony Liguori @ 2005-12-15 23:43 ` Nivedita Singhvi 2005-12-15 23:48 ` Anthony Liguori 0 siblings, 1 reply; 4+ messages in thread From: Nivedita Singhvi @ 2005-12-15 23:43 UTC (permalink / raw) To: Anthony Liguori; +Cc: xen-devel Anthony Liguori wrote: > Ok, I confirmed this, out of the box, accessing > http://localhost:8000/xen/domain as a lesser-privileged user allows one > to do very bad things. Anthony, were you using the default xend-config.sxp? Currently, although the default is off for http support in xend, the default config file turns it on: #(xend-http-server no) (xend-http-server yes) Note that it is restricted to local users, though: # Address xend should listen on for HTTP connections, if xend-http-server is # set. # Specifying 'localhost' prevents remote connections. # Specifying the empty string '' (the default) allows all connections. #(xend-address '') (xend-address localhost) I'm about to submit a patch to turn this off in the default file that's installed, as it's generally the case that most people won't change it... thanks, Nivedita > Regards, > > Anthony Liguori > > Anthony Liguori wrote: > >> Hi, >> >> On IRC, it came up that recent snapshots of Xend are now listening for >> TCP HTTP connections again by default. Since it's still listening on >> a Unix socket and xm will always prefer that, xm still only functions >> as root. >> >> However, less privileged users can still connect to the TCP port and >> through Xend gain root access. This seems like a pretty bad default >> configuration. I poked around on the TCP interface but couldn't seem >> to confirm this (does it only accept s-expression Content-Type now?). >> >> Thanks for any clarification on this. >> >> Regards, >> >> Anthony Liguori >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel >> > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Xend listening for TCP HTTP? 2005-12-15 23:43 ` Nivedita Singhvi @ 2005-12-15 23:48 ` Anthony Liguori 0 siblings, 0 replies; 4+ messages in thread From: Anthony Liguori @ 2005-12-15 23:48 UTC (permalink / raw) To: Nivedita Singhvi; +Cc: xen-devel, Ewan Mellor Nivedita Singhvi wrote: > Anthony Liguori wrote: > >> Ok, I confirmed this, out of the box, accessing >> http://localhost:8000/xen/domain as a lesser-privileged user allows >> one to do very bad things. > > > Anthony, were you using the default xend-config.sxp? Yup. > Currently, although the default is off for http support > in xend, the default config file turns it on: > > #(xend-http-server no) > (xend-http-server yes) Yup. This was added in: # HG changeset patch # User emellor@leeni.uk.xensource.com # Node ID cefe36be8592090b4edb08060cca67a004c04617 # Parent 4d49f61a7feef3fca5fb3e991a5a1d741b6cd690 Tidy xend-config.sxp, removing entries that haven't been used since the hotplugging stuff was introduced (block-*, console-port-base, console-address) and introducing entries for options that have been present for ages (xend-{http,unix,relocation}-server, xend-unix-path, xend-relocation-address, enable-dump). Remove vif-antispoof, as Vifctl no longer passes this option down. I imagine it was unintentional. Ewan? Regards, Anthony Liguori > thanks, > Nivedita > >> Regards, >> >> Anthony Liguori >> >> Anthony Liguori wrote: >> >>> Hi, >>> >>> On IRC, it came up that recent snapshots of Xend are now listening >>> for TCP HTTP connections again by default. Since it's still >>> listening on a Unix socket and xm will always prefer that, xm still >>> only functions as root. >>> >>> However, less privileged users can still connect to the TCP port and >>> through Xend gain root access. This seems like a pretty bad default >>> configuration. I poked around on the TCP interface but couldn't >>> seem to confirm this (does it only accept s-expression Content-Type >>> now?). >>> >>> Thanks for any clarification on this. >>> >>> Regards, >>> >>> Anthony Liguori >>> >>> _______________________________________________ >>> Xen-devel mailing list >>> Xen-devel@lists.xensource.com >>> http://lists.xensource.com/xen-devel >>> >> >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel >> >> > > ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-12-15 23:48 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2005-12-15 22:12 Xend listening for TCP HTTP? Anthony Liguori 2005-12-15 22:16 ` Anthony Liguori 2005-12-15 23:43 ` Nivedita Singhvi 2005-12-15 23:48 ` Anthony Liguori
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.