
Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections



So, here are my concerns:

1) ports < 1024 are reserved although 732 is currently unassigned
2) unix domain sockets would solve the same problem
3) this approach is not flexible for finer grain control
4) you still have to find a way to deal with the consoles
5) you still have to deal with xfrd

With all that said, I'd like to see this applied as it's better than leaving everything out in the open.

Regards,
Anthony Liguori

Kurt Garloff wrote:

Hi,

as discussed previously, I went ahead and introduced a setting that
allows you to restrict the stuff you can do when controlling xen by
connecting to the port 8000 unless you connect from a privileged
port.

I did not yet bother to look at the event port nor did I try to address
the consoles. The consoles will be done in a second patch if this
approach is deemed appropriate.
Note that I also do still allow unprivileged connections to gather
most of the information. This can be debated, but I'm not such a big fan
of security by obscurity.

I hope I did not miss anything important for the control stuff.

The patch also fixes one typo (missing ") in SrvNode.py.

Regards,
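
The check described in the message above, sketched as an added example (not code from the patch or from xend): control operations are refused unless the peer's source port is below 1024, while read-only queries stay open. The operation names, the helper names and the loopback-only rule are assumptions of this example.

```python
import socket

PRIVILEGED_PORT_LIMIT = 1024  # on Unix, binding a port below this needs root

# Hypothetical operation names, constructed for this example (not xend's API).
READ_ONLY_OPS = {"list", "info"}
CONTROL_OPS = {"create", "destroy", "migrate"}


def is_privileged_peer(peer):
    """peer is the (host, port, ...) tuple from accept() or getpeername()."""
    host, port = peer[0], peer[1]
    # Assumption of this example: a low source port only proves root on a
    # host we trust, so accept it from loopback peers only.
    return host in ("127.0.0.1", "::1") and 0 < port < PRIVILEGED_PORT_LIMIT


def authorize(peer, op, restrict=True):
    """Decide whether `op` is allowed; `restrict` models the new setting."""
    if op in READ_ONLY_OPS:
        return True  # information gathering stays open to everyone
    if op in CONTROL_OPS:
        return (not restrict) or is_privileged_peer(peer)
    return False  # unknown operations are denied


def peer_of_unprivileged_client():
    """Make a real loopback connection; return the peer address the server sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # any free port; stands in for port 8000
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())  # kernel picks an ephemeral source port
    conn, peer = srv.accept()
    for s in (conn, cli, srv):
        s.close()
    return peer


if __name__ == "__main__":
    peer = peer_of_unprivileged_client()
    for op in ("list", "destroy"):
        print(peer, op, "allowed" if authorize(peer, op) else "refused")
    # Constructed peer: a root-owned client bound to port 732 on loopback.
    print(authorize(("127.0.0.1", 732), "destroy"))
```

The same decision could be made on a Unix domain socket with file permissions, which is the alternative raised in point 2 of the reply.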


