[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

Hi Rik,

On Sun, Mar 13, 2005 at 11:00:27AM -0500, Rik van Riel wrote:
> On Sun, 13 Mar 2005, Kurt Garloff wrote:
> > Why not just require the other end of the socket to be below 1024?
> > If you bind to localhost, that should be enough.
> 
> Because the ability to open connections from ports < 1024
> is a capability, which can be retained by daemons after
> dropping the other root privileges.

Right.
But I don't see a problem with this.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgp_ULO7zSapt.pgp
Description: PGP signature

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.