|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
David Hopwood wrote: You can 1 and 3 just as easily with the Unix domain socket method. Although you could also do 2, there's no need (2 is not a flexibility advantage, it's just something you have to do to make the port<1024 method secure). More importantly, using SCM_CREDENTIALS allows you to pass the actual user credentials overs the domain socket. This is by far the best mechanism as it allows access control to be implemented entirely within the daemon without doing any nasty set[ug]id trickery. Its entire purpose in life is doing exactly what we're trying to do :-) Regards, Anthony Liguori ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |