[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] XCP: Insecure Distro ?

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Adrien Guillon <aj.guillon@xxxxxxxxx>
  • Date: Mon, 9 May 2011 16:41:33 -0400
  • Delivery-date: Mon, 09 May 2011 13:42:35 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=u81ZuJp0jR6ph14ihRIv/bxGUvayx0DcniRi8CNsoseOeGZ32jIyn6vhgDQiVQO1EN aRDdk31Q0esBXLPrH0zsc5yFfE/1ZzNNGwdgFQgJ1T6A48T2AhhGMwyO9UyNSYeGv2ge OTVxKnGWafGEU5C3tikoThylwvBeIoJNhubbo=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hello mailing list!

I have been working with XCP a little bit, and I have the impression
that this distro is insecure.  First, it does not look like update
repositories are enabled inside /etc/yum.repos.d, although I'm from an
apt background so I may be misinterpreting that.  Where will my
security updates come from?

Next, it appears that the root password hash is directly stored inside
/etc/passwd, which is set to world-readable!  There does not appear to
be an /etc/shadow file at all.

Unfortunately I am dropping the distro entirely due to security
concerns, I hope that these problems can be fixed.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.