[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

On Fri, Mar 04, 2005 at 01:47:35PM -0600, Anthony Liguori wrote:
> You can't stop local connections from non-root users but there's not a
> whole lot of reason to have non-root users in domain-0 anyway.

Fedora wants to adopt xen and I don't think they remove the VGA-card
from domain 0.

> BTW, Posix doesn't mandate that filesystem permissions are respected
> with unix domain sockets.  Linux currently does check the filesystem
> permission bits when opening a unix domain socket.  A few notable Unices
> (I think BSD but I'm not sure) don't perform permission checks on domain
> sockets.

But for directories.

> The proper way to do permission checking with domain sockets is using
> SCM data.

No, it is not.


One does not thank logic.
                -- Sarek, "Journey to Babel", stardate 3842.4

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.