
Re: [Xen-devel] xm create as root vs xm destroy as normal user


  • To: tanner@xxxxxxxxxxxxx
  • From: Kip Macy <kip.macy@xxxxxxxxx>
  • Date: Sat, 25 Jun 2005 16:52:42 -0700
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Sat, 25 Jun 2005 23:51:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

There is currently no notion of capabilities. In 3.0 the default
communication path between xm and xend is now a unix domain socket so
by default only root can execute xm commands.

 -Kip

On 6/24/05, Bob Tanner <tanner@xxxxxxxxxxxxx> wrote:
> Playing around with xen-2.0.6 and I've found something troubling.
> 
> I've been creating domU's with 'xm create.' As a simple security check, I did
> a 'xm shutdown' as a normal user. Much to my surprise, that domU shut down.
> 
> Does the default behavior of xen allow non-root users to shut down any domU?
> Even domU's that aren't created by the user issuing the 'xm shutdown'?
> 
> Thanks.
> --
> Bob Tanner <tanner@xxxxxxxxxxxxx>          | Phone : (952)943-8700
> http://www.real-time.com, Minnesota, Linux | Fax   : (952)943-8500
> Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
> 
> 
> 
>
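
With a Unix domain socket as the control path, who may issue commands comes down to the ownership and mode of the socket file and its directory. The following is an added example, not code from this thread or from the Xen project: a Python check that classifies who can connect to a socket path. The thread does not give xend's socket path, so the demo builds a constructed temporary socket; `exposure` and `demo` are hypothetical names.

```python
import os
import socket
import stat
import tempfile


def exposure(path):
    """Classify who can connect to the Unix domain socket at `path`.

    On Linux, connect() needs write permission on the socket file and
    search permission on the directories leading to it. This coarse check
    looks at the socket and its immediate parent directory only.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix domain socket")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if st.st_mode & stat.S_IWOTH and parent.st_mode & stat.S_IXOTH:
        return "world"   # any local user can send commands
    if st.st_mode & stat.S_IWGRP and parent.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
        return "group"   # members of the socket's group can
    return "owner"       # only the owning uid (and root) can


def demo():
    """Run exposure() over a constructed socket under several modes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ctl.sock")  # constructed sample socket
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        try:
            for dir_mode in (0o755, 0o700):
                os.chmod(d, dir_mode)
                for sock_mode in (0o666, 0o660, 0o600):
                    os.chmod(path, sock_mode)
                    results[(dir_mode, sock_mode)] = exposure(path)
        finally:
            srv.close()
    return results


if __name__ == "__main__":
    for (dir_mode, sock_mode), who in demo().items():
        print(f"dir {dir_mode:o} socket {sock_mode:o}: {who}")
```

A private parent directory (mode 700) restricts access even when the socket file itself is world-writable, which is why the check reads both.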
