From: Nivedita Singhvi
Subject: Re: Xend listening for TCP HTTP?
Date: Thu, 15 Dec 2005 15:43:20 -0800
Message-ID: <43A1FF98.7010803@us.ibm.com>
References: <43A1EA68.7060908@us.ibm.com> <43A1EB22.3050001@us.ibm.com>
In-Reply-To: <43A1EB22.3050001@us.ibm.com>
To: Anthony Liguori
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

Anthony Liguori wrote:
> Ok, I confirmed this, out of the box, accessing
> http://localhost:8000/xen/domain as a lesser-privileged user allows one
> to do very bad things.

Anthony, were you using the default xend-config.sxp?

Currently, although the default is off for http support in xend, the
default config file turns it on:

#(xend-http-server no)
(xend-http-server yes)

Note that it is restricted to local users, though:

# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
#(xend-address '')
(xend-address localhost)

I'm about to submit a patch to turn this off in the default file that's
installed, as it's generally the case that most people won't change it...

thanks,
Nivedita

> Regards,
>
> Anthony Liguori
>
> Anthony Liguori wrote:
>
>> Hi,
>>
>> On IRC, it came up that recent snapshots of Xend are now listening for
>> TCP HTTP connections again by default. Since it's still listening on
>> a Unix socket and xm will always prefer that, xm still only functions
>> as root.
>>
>> However, less privileged users can still connect to the TCP port and
>> through Xend gain root access. This seems like a pretty bad default
>> configuration.
>> I poked around on the TCP interface but couldn't seem
>> to confirm this (does it only accept s-expression Content-Type now?).
>>
>> Thanks for any clarification on this.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
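An added check, not part of the thread or of xend itself, for the xend-config.sxp settings discussed above: it reads the active (uncommented) "(key value)" forms and classifies how far the xend HTTP listener is exposed. The sample config is constructed from the lines quoted in the thread; the values assumed when a key is absent follow the defaults the thread's comments describe.

```python
import re

# Constructed sample modelled on the xend-config.sxp excerpts quoted in the thread:
# one "(key value)" form per line, '#' starts a comment (so commented-out defaults are inert).
SAMPLE_CONFIG = """\
# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
#(xend-http-server no)
(xend-http-server yes)
#(xend-address '')
(xend-address localhost)
"""

# Matches a single top-level "(key value)" form; value may be quoted or empty.
SETTING_RE = re.compile(r"^\s*\(\s*([\w-]+)\s*(.*?)\s*\)\s*$")


def parse_sxp_settings(text):
    """Return {key: value} for uncommented (key value) lines; a later line wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # strip comments, including whole commented-out lines
        m = SETTING_RE.match(line)
        if m:
            key, raw = m.groups()
            settings[key] = raw.strip("'\"")  # '' becomes the empty string
    return settings


def assess_http_exposure(settings):
    """Classify the HTTP listener: 'disabled', 'local' (any local user), or 'remote'.

    Assumed defaults when a key is absent, taken from the thread: the HTTP server
    is off, and an empty xend-address means listen on all interfaces.
    """
    if settings.get("xend-http-server", "no").lower() != "yes":
        return "disabled"
    address = settings.get("xend-address", "")
    return "local" if address in ("localhost", "127.0.0.1") else "remote"


if __name__ == "__main__":
    # The shipped default quoted above: enabled, but bound to localhost.
    print(assess_http_exposure(parse_sxp_settings(SAMPLE_CONFIG)))
```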