|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
On 09/08/2011 12:18, "Vincent Hanquez" <vincent.hanquez@xxxxxxxxxxxxx> wrote: > On 08/09/2011 12:00 PM, Keir Fraser wrote: >> If userspace connections to xenbus were not trusted, we'd >> need a lot more filtering than we have. > > I don't think people that are using it in guest userspace (quite liberally) > have necessarily realized this. Well, you do need to be root (at least by default) to access the xenstore device, and there are myriad other ways for a root process to break the guest. Admittedly you could start as root and then deprivilege yourself, in which case the xenstore conenction would be an ongoing point of excess privilege. Do you have any examples of projects which could run with much lesser privilege, and very constrained xenstore access, if a suitably controlled xenstore interface was provided? -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |