This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] protecting xen startup

To: Mark Williamson <maw48@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] protecting xen startup
From: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date: Tue, 23 Nov 2004 20:51:52 +0000
Cc: xen-devel@xxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 20:43:52 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.60.0411231802570.3258@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123170546.GB6250@xxxxxxxx> <Pine.LNX.4.60.0411231802570.3258@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/
On Tue, Nov 23, 2004 at 06:07:52PM +0000, Mark Williamson wrote:
> >i notice that there's a management interface on port 8000.
> There are currently two HTTP-based management interfaces.  Once of them is 
> the Xensv web interface, the other is the Xend HTTP-based API, which is 
> used by both the command line xm tool and Xensv to issue commands to Xend.
> >i seek to protect this interface such that nothing but a trusted program
> >(think selinux) may run, manage, start up or shut down xen oses.
> Currently, anyone who can access Xend's port can issue management 
> commands.  Xend can optionally be configured to only accept connections 
> from localhost, in which case only local users will be able to issue 
> commands to it.


 is there anything preventing that interface from being removed, such
 that the client/server bit is munged into a single application?

> >is the port 8000 stuff just providing a web server (/etc/init.d/xend)
> >front-end to some extra system calls?
> Not exactly.  At the Linux Level, there aren't any extra Xen system calls. 
> Most commands are issued to Xen by performing ioctls on the 
> /proc/xen/privcmd file.  


 that means that it will be possible to lock down at the very least the
 access to /proc/xen and later, should it prove worthwhile, to protect
 each ioctl with a new selinux security id per ioctl command.

> The commands which are issued through this file 
> are largely transparent to XenLinux however, having meaning only when they 
> are parsed by Xen.

 ... that kinda goes without saying :)

> >is the port 8000 stuff actually running in the xen boot-up stuff?
> Xend starts its HTTP interface when it starts up and will do anything the 
> HTTP interface tells it to do.  If Xend isn't running then the HTTP 
> interface is not accessible (but you can't do a lot without Xend).
 ... but there's nothing to prevent the merging of the xend and the xm
 programs, bypassing the use of HTTP, right?



SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>