RE: [Xen-devel] RE: [Xen-staging] [xen-unstable] hvm: Remove access to QEMU monitor in VNC server
> From: Daniel P. Berrange [mailto:berrange@xxxxxxxxxx]
>
> Well SDL isn't exposed to the network directly - to access the monitor
> via the SDL console, you'd need to first access the X server desktop in
> question. Unprivileged local users, or remote users can't typically get
> access to X desktop of the person who started the VM, so it's not necessary
> to disable it.

What about the unprivileged local user using the X desktop?

> The console enables the users to map the virtual serial port onto a physical
> device. Not a huge issue, but still basically a privilege escalation because
> it lets users access hardware they'd not otherwise be able to.

?? You get access to the guest's serial port through a virtual console in VNC/SDL, how is that a privilege escalation?

Don't you think that having the monitor (and the serial port) not exposed by default through VNC/SDL is a sufficient and more flexible fix for the security issue?

Christian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel