Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

[Tommi Virtanen <tv@xxxxxxxxxxxxx>]

Kurt Garloff wrote:
> > There's a simple reason why that's not really what you want.
> >
> > Imagine two security-sensitive services, with different sets of
> > allowed users. Using UNIX domain sockets with filesystem access
> > control allows using two groups to list the allowed users for each
> > service -- using <1024 source port does not.
> It does.
> The frontend (that would acquire the privileged socket) would need
> to be setuid root for this and then could enforce whatever policies,
> much more flexible than the Unix group membership model if you want.
Oh, the group-restricted UNIX domain socket wins there, too.

Your model:

  - setuid client that only lets certain users open ports <1024

My model:

  - setgid client that only lets certain users connect to the protected
    socket
OR
  - just add the certain users to the group, and let them access the
    protected socket.

The UNIX domain socket way is both more flexible and _more secure_
-- it only needs setgid where the port<1024 thing needs setuid.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel