[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] severe security issue on dom0/xend/xm/non-root users



 
> > On Sun, 13 Mar 2005, Kurt Garloff wrote:
> > > Why not just require the other end of the socket to be below 1024?
> > > If you bind to localhost, that should be enough.
> > 
> > Because the ability to open connections from ports < 1024
> > is a capability, which can be retained by daemons after
> > dropping the other root privileges.

I think this is a good first step, and pretty easy to implement.
Volunteers?

With the next generation of tools we could insist on using SSL and thus
that the client have an appropriate certificate.

Thanks,
Ian


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.