[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections
Kurt Garloff wrote: I know. That's one of the reasons using this port worries me. There may be nfs related conflicts.Hi Anthony, On Wed, Mar 23, 2005 at 09:41:24AM -0600, Anthony Liguori wrote:So, here's my concerns: 1) ports < 1024 are reserved although 732 is currently unassignedNote that NFS uses such ports without asking prior permission. I chose 732 because it's unassigned indeed. How would you extend this to consoles? Each console can't have it's own privileged port :-)4) you still have to find a way to deal with the consolesBefore I start working on getting the consoles under control, I wanted to see whether this approach is acceptable at all. Nope. I think there are a few options. We could use hosts.allow or something similiar, we could restrict it to subnets, or we could try and implement some sort of authentication mechanism.5) you still have to deal with xfrdIt seems to listen on *:8002 ... Is there no authentication either? Sigh. Perhaps shutting it off by default and making it clear that it is insecure is enough. And we probably need to look into the event channel (8001) as well. Yeah. But for Xen-2, let's try to find a pragmatic way that enables desktopusers to install and test xen without raising too many security concerns. I full-heartedly agree. I'll gladly help out on this effort. Regards, Anthony Liguori Regards, ------------------------------------------------------- This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005 Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |