[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
Anthony Liguori wrote: BTW, Posix doesn't mandate that filesystem permissions are respected with unix domain sockets. Linux currently does check the filesystem permission bits when opening a unix domain socket. A few notable Unices (I think BSD but I'm not sure) don't perform permission checks on domain sockets. The proper way to do permission checking with domain sockets is using SCM data. There are several techniques you could be referring to: <http://www.whitefang.com/sup/secure-faq.html#LOCAL4> <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html> but they all sound to me like complicated and nonportable hacks. Which one did you mean? -- David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx> ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |