[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves

On 09/08/2011 12:18, "Vincent Hanquez" <vincent.hanquez@xxxxxxxxxxxxx>

> On 08/09/2011 12:00 PM, Keir Fraser wrote:
>> If userspace connections to xenbus were not trusted, we'd
>> need a lot more filtering than we have.
> I don't think people that are using it in guest userspace (quite liberally)
> have necessarily realized this.

Well, you do need to be root (at least by default) to access the xenstore
device, and there are myriad other ways for a root process to break the
guest. Admittedly you could start as root and then deprivilege yourself, in
which case the xenstore conenction would be an ongoing point of excess

Do you have any examples of projects which could run with much lesser
privilege, and very constrained xenstore access, if a suitably controlled
xenstore interface was provided?

 -- Keir

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.