Xen project Mailing List

Re: [Xen-devel] xm create as root vs xm destroy as normal user

Date: Sat, 25 Jun 2005 16:52:42 -0700

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>

Delivery-date: Sat, 25 Jun 2005 23:51:39 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b4mziCZchst9zKJqzVFMSj1P+rTwwE91ZL0+QdOxXFvGNKhxEvdhRPD1uLCB2P/fruvwYbuVtHMKBFqGfKl7biB/I+8DG2rAphKk/Stkz2pXRu0BHvh5UoMZawr9imxKdRusQfr4c+sps5ko7xPprXWMrZ8K2ISY+4i7EYWqVis=

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

There is currently no notion of capabilities. In 3.0 the default communication path between xm and xend is now a unix domain socket so by default only root can execute xm commands. -Kip On 6/24/05, Bob Tanner <tanner@xxxxxxxxxxxxx> wrote: > Playing around with xen-2.0.6 and I've found something troubling. > > I've been creating domU's with 'xm create.' As a simple security check, I did > a 'xm shutdown' as a normal user. Much to my surprise, that domU shutdown. > > Does the default behavior of xen allow a non-root users to shutdown any domU? > Even domU's that aren't created by the user issuing the 'xm shutdown'? > > Thanks. > -- > Bob Tanner <tanner@xxxxxxxxxxxxx> | Phone : (952)943-8700 > http://www.real-time.com, Minnesota, Linux | Fax : (952)943-8500 > Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel > > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.