[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xend listening for TCP HTTP?

To: Anthony Liguori <aliguori@xxxxxxxxxx>
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Thu, 15 Dec 2005 16:16:02 -0600
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 15 Dec 2005 22:18:09 +0000
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Ok, I confirmed this, out of the box, accessinghttp://localhost:8000/xen/domain as a lesser-privileged user allows oneto do very bad things.


Regards,

Anthony Liguori

Anthony Liguori wrote:

Hi,
On IRC, it came up that recent snapshots of Xend are now listening forTCP HTTP connections again by default. Since it's still listening ona Unix socket and xm will always prefer that, xm still only functionsas root.
However, less privileged users can still connect to the TCP port andthrough Xend gain root access. This seems like a pretty bad defaultconfiguration. I poked around on the TCP interface but couldn't seemto confirm this (does it only accept s-expression Content-Type now?).
Thanks for any clarification on this.

Regards,

Anthony Liguori

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xend listening for TCP HTTP?
  - From: Nivedita Singhvi

References:
- [Xen-devel] Xend listening for TCP HTTP?
  - From: Anthony Liguori

Prev by Date: [Xen-devel] Xend listening for TCP HTTP?
Next by Date: [Xen-devel] [PATCH] make network-bridge work in more environments
Previous by thread: [Xen-devel] Xend listening for TCP HTTP?
Next by thread: Re: [Xen-devel] Xend listening for TCP HTTP?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.