|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] XCP: Insecure Distro ?
Well, you are right from the multi-user point of view regarding the passwd file, but XCP is designed as appliance, xe utility or something speaking xapi is a way of interfacing it, no user other than root should access dom0. Updates - question of stability, i hope you do not want to risk reload of all your VM`s due to libc changes or something like that :). You need to update what? Xen hypervisor? Openvswitch, xapi toolstack? Everything should be locked down on lower levels (network access to dom0, physical access to appliances). Try to change the point of view and stop looking at it as a standard multiuser linux enviroment. r. On 05/09/2011 10:41 PM, Adrien Guillon wrote: Hello mailing list! I have been working with XCP a little bit, and I have the impression that this distro is insecure. First, it does not look like update repositories are enabled inside /etc/yum.repos.d, although I'm from an apt background so I may be misinterpreting that. Where will my security updates come from? Next, it appears that the root password hash is directly stored inside /etc/passwd, which is set to world-readable! There does not appear to be an /etc/shadow file at all. Unfortunately I am dropping the distro entirely due to security concerns, I hope that these problems can be fixed. AJ _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |