[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users



Anthony Liguori wrote:
BTW, Posix doesn't mandate that filesystem permissions are respected
with unix domain sockets.  Linux currently does check the filesystem
permission bits when opening a unix domain socket.  A few notable Unices
(I think BSD but I'm not sure) don't perform permission checks on domain
sockets.

The proper way to do permission checking with domain sockets is using
SCM data.

There are several techniques you could be referring to:

<http://www.whitefang.com/sup/secure-faq.html#LOCAL4>
<http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html>

but they all sound to me like complicated and nonportable hacks. Which one
did you mean?

--
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.