[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] XCP: Insecure Distro ?

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Adrien Guillon <aj.guillon@xxxxxxxxx>
Date: Mon, 9 May 2011 16:41:33 -0400
Delivery-date: Mon, 09 May 2011 13:42:35 -0700
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=u81ZuJp0jR6ph14ihRIv/bxGUvayx0DcniRi8CNsoseOeGZ32jIyn6vhgDQiVQO1EN aRDdk31Q0esBXLPrH0zsc5yFfE/1ZzNNGwdgFQgJ1T6A48T2AhhGMwyO9UyNSYeGv2ge OTVxKnGWafGEU5C3tikoThylwvBeIoJNhubbo=
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hello mailing list!

I have been working with XCP a little bit, and I have the impression
that this distro is insecure.  First, it does not look like update
repositories are enabled inside /etc/yum.repos.d, although I'm from an
apt background so I may be misinterpreting that.  Where will my
security updates come from?

Next, it appears that the root password hash is directly stored inside
/etc/passwd, which is set to world-readable!  There does not appear to
be an /etc/shadow file at all.

Unfortunately I am dropping the distro entirely due to security
concerns, I hope that these problems can be fixed.

AJ

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] XCP: Insecure Distro ?
  - From: riki
- Re: [Xen-users] XCP: Insecure Distro ?
  - From: Jonathan Tripathy

Prev by Date: Re: [Xen-users] XCP 1.0, Guest access to local device.
Next by Date: Re: [Xen-users] XCP: Insecure Distro ?
Previous by thread: [Xen-users] Problem with XCP 1.0 and igb module
Next by thread: Re: [Xen-users] XCP: Insecure Distro ?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.