WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

On Fri, 4 Mar 2005, Anthony Liguori wrote:

> Any network user can connect to dom0 and also do any of these
> operations.

Very simple to firewall it off from remote, or even only attached to
localhost.

> The Xen documents should perhaps make this more aware.

> Xend is not designed to provide any sort of security protection out of
> the box.  It assumes that you're running on a trusted network.  Just
> assume that any person that can ping dom0 has root access to your
> system.

> This is being addressed.  This isn't a flaw in Xend.  It just wasn't
> meant for a security-conscious environment.

Once the Xen packages are accepted out of Debian's incoming queue, I can be
assured of having this bug filed, and it being tagged security.  It *is* a
problem.  Saying it wasn't designed with this in mind doesn't make it a
non-issue.
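
A defender-side check for the "only attached to localhost" option raised in this reply, as an added example that is not part of the original e-mail or of Xen: it reads a listening-socket table in `/proc/net/tcp` format and reports management ports bound to anything other than loopback. The sample lines and the port numbers 8000 and 8001 are constructed; substitute the port your xend actually listens on.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp format (addresses as printed on a
# little-endian host such as x86). Not captured from a real system.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:0016 0200A8C0:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code the kernel prints for LISTEN


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the address as a native-endian 32-bit integer;
    # re-pack it little-endian to recover the network-order bytes.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def exposed_listeners(proc_net_tcp, ports):
    """Return (ip, port) for LISTEN sockets on `ports` not bound to loopback."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row or not a listening socket
        ip, port = decode_addr(cols[1])
        if port in ports and not ip.is_loopback:
            findings.append((str(ip), port))
    return findings


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP, {8000, 8001}):
        print(f"management port {port} reachable via {ip}")
```

This covers IPv4 only; `/proc/net/tcp6` uses a different address encoding and needs its own decoder.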
