From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anthony Liguori <aliguori@us.ibm.com>
Subject: Re: Xend listening for TCP HTTP?
Date: Thu, 15 Dec 2005 17:48:35 -0600
Message-ID: <43A200D3.6030003@us.ibm.com>
References: <43A1EA68.7060908@us.ibm.com> <43A1EB22.3050001@us.ibm.com>
	<43A1FF98.7010803@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <43A1FF98.7010803@us.ibm.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Nivedita Singhvi <niv@us.ibm.com>
Cc: xen-devel <xen-devel@lists.xensource.com>, Ewan Mellor <ewan@xensource.com>
List-Id: xen-devel@lists.xenproject.org

Nivedita Singhvi wrote:

> Anthony Liguori wrote:
>
>> Ok, I confirmed this, out of the box, accessing 
>> http://localhost:8000/xen/domain as a lesser-privileged user allows 
>> one to do very bad things.
>
>
> Anthony, were you using the default xend-config.sxp?

Yup.

> Currently, although the default is off for http support
> in xend, the default config file turns it on:
>
> #(xend-http-server no)
> (xend-http-server yes)

Yup.  This was added in:

# HG changeset patch
# User emellor@leeni.uk.xensource.com
# Node ID cefe36be8592090b4edb08060cca67a004c04617
# Parent  4d49f61a7feef3fca5fb3e991a5a1d741b6cd690
Tidy xend-config.sxp, removing entries that haven't been used since the
hotplugging stuff was introduced (block-*, console-port-base, 
console-address)
and introducing entries for options that have been present for ages
(xend-{http,unix,relocation}-server, xend-unix-path, 
xend-relocation-address,
enable-dump).  Remove vif-antispoof, as Vifctl no longer passes this option
down.

I imagine it was unintentional.  Ewan?

Regards,

Anthony Liguori

> thanks,
> Nivedita
>
>> Regards,
>>
>> Anthony Liguori
>>
>> Anthony Liguori wrote:
>>
>>> Hi,
>>>
>>> On IRC, it came up that recent snapshots of Xend are now listening 
>>> for TCP HTTP connections again by default.  Since it's still 
>>> listening on a Unix socket and xm will always prefer that, xm still 
>>> only functions as root.
>>>
>>> However, less privileged users can still connect to the TCP port and 
>>> through Xend gain root access.  This seems like a pretty bad default 
>>> configuration.  I poked around on the TCP interface but couldn't 
>>> seem to confirm this (does it only accept s-expression Content-Type 
>>> now?).
>>>
>>> Thanks for any clarification on this.
>>>
>>> Regards,
>>>
>>> Anthony Liguori
>>>
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@lists.xensource.com
>>> http://lists.xensource.com/xen-devel
>>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>>
>>
>
>