From: Kip Macy
Subject: Re: xm create as root vs xm destroy as normal user
Date: Sat, 25 Jun 2005 16:52:42 -0700
In-Reply-To: <200506241724.18807@www.mn-linux.org.or.transmuter.real-time.com>
To: tanner@real-time.com
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

There is currently no notion of capabilities. In 3.0 the default
communication path between xm and xend is now a unix domain socket so by
default only root can execute xm commands.

-Kip

On 6/24/05, Bob Tanner wrote:
> Playing around with xen-2.0.6 and I've found something troubling.
>
> I've been creating domU's with 'xm create.' As a simple security check, I did
> a 'xm shutdown' as a normal user. Much to my surprise, that domU shutdown.
>
> Does the default behavior of xen allow a non-root user to shutdown any domU?
> Even domU's that aren't created by the user issuing the 'xm shutdown'?
>
> Thanks.
> --
> Bob Tanner | Phone : (952)943-8700
> http://www.real-time.com, Minnesota, Linux | Fax : (952)943-8500
> Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288
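Added example, not part of the original thread and not xend's code: a sketch of how a control daemon on a unix domain socket can restrict callers, first through the socket file's mode (the mechanism behind "only root can execute xm commands") and then, going beyond what the reply describes, through a per-connection uid check of the kind the original question asks about. It assumes Linux (`SO_PEERCRED`); the function names, socket path and command string are hypothetical.

```python
import os
import socket
import stat
import struct
import tempfile

def bind_private_socket(path):
    """Bind a listening Unix socket whose file is created with mode 0600."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)   # created as 0600, no window for a chmod race
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def peer_uid(conn):
    """Return the kernel-reported uid of the connecting process (struct ucred)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", creds)
    return uid

def handle(conn, allowed_uid):
    """Accept one command only if the peer's uid matches allowed_uid."""
    command = conn.recv(64).decode()
    if peer_uid(conn) != allowed_uid:
        return "denied"
    return "accepted " + command

def demo(allowed_uid):
    """Connect as the current user; return (socket file mode, verdict)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "control.sock")   # constructed path, not xend's
        srv = bind_private_socket(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.connect(path)                         # needs write access to the file
        cli.sendall(b"shutdown guest1")           # constructed command string
        conn, _ = srv.accept()
        try:
            return mode, handle(conn, allowed_uid)
        finally:
            for s in (conn, cli, srv):
                s.close()

if __name__ == "__main__":
    print(demo(os.getuid()))       # caller is the allowed uid
    print(demo(os.getuid() + 1))   # caller is not the allowed uid
```

With mode 0600 on the socket file, any other user's `connect()` fails with a permission error before the daemon sees a byte; the uid check only matters once the socket is opened up to more than one user.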