Re: [Xen-users] XCP: Insecure Distro ?
Hi,

Sorry I wasn't completely clear.

The reason why the use of /etc/passwd vs /etc/shadow is non-consequential is that XCP is a single user machine where all access is via UID 0. As such UNIX file permissions are effectively useless. For all intents and purposes 700 = 777 if you are always root and everything is owned by root, yes?

XCP could be secured further through the use of a multi-user environment, sudo, selinux and grsec patches, but for its use case it would be entirely overkill.

In the use cases that XCP will be employed a single user environment is all that is required, for the reason that the only trusted system in the stack is the management controller. XCP is not designed to have users ever using shell access on their XCP nodes.

All operations on XCP are carried out through daemons running as root, all of which can read /etc/passwd or /etc/shadow regardless - as such it would not add any extra security.

As I noted earlier it is possible to make XCP secure enough to live on a public network, but I don't think it would be a beneficial use of XCP developers' time.

Does this further clarify why changing to /etc/shadow would be of no consequence?

Joseph.

On 10 May 2011 17:16, A Cold Penguin <verycoldpenguin@xxxxxxxxxxx> wrote:
>> The points highlighted don't represent security risks if the dom0 is
>> properly isolated on a secure management network.
>
> Unfortunately there are some situations where even having an air-gap between
> networks, is not considered secure enough.
> Having the password hashes in world-readable files is basically a no-no, and
> would mean that this product could not go into production use.
> Basically this appears to be a relaxation in security against the 'norm', if
> this is only required due to keeping different pool members in sync,
> I think that investigation should be made into an alternative method of
> synchronising the members.
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>

--
Kind regards,
Joseph.
Founder | Director
Orion Virtualisation Solutions | www.orionvm.com.au | Phone: 1300 56 99 52 | Mobile: 0428 754 846
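
An added example, not part of the thread and not XCP code: an audit check for the condition the quoted message objects to, password hashes stored in a passwd-format file that is world-readable. The function name `audit_passwd`, the issue labels and the sample entries are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; the hash value is a placeholder.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
guest::500:500::/home/guest:/bin/bash
"""

def audit_passwd(text, mode):
    """Return (user, issue) pairs for passwd(5) text whose file has mode bits `mode`."""
    world_readable = bool(mode & stat.S_IROTH)
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries (+name / -name).
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed-entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty-password"))
            continue
        # "x" defers to /etc/shadow; "*" or a bare "!" means no usable password.
        # A leading "!" can also prefix a real hash on a locked account.
        if pw == "x" or pw.lstrip("!") in ("", "*"):
            continue
        findings.append((user, "hash-exposed" if world_readable else "hash-in-passwd"))
    return findings

if __name__ == "__main__":
    path = "/etc/passwd"
    with open(path) as fh:
        for user, issue in audit_passwd(fh.read(), os.stat(path).st_mode):
            print(f"{path}: {user}: {issue}")
```

Run as a script it audits the local `/etc/passwd`; the same function can be pointed at a copy of the file collected from a pool member.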