WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] xm create as root vs xm destroy as normal user

from [Kip Macy] [Permanent Link][Original]
To: tanner@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] xm create as root vs xm destroy as normal user
From: Kip Macy <kip.macy@xxxxxxxxx>
Date: Sat, 25 Jun 2005 16:52:42 -0700
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 25 Jun 2005 23:51:39 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b4mziCZchst9zKJqzVFMSj1P+rTwwE91ZL0+QdOxXFvGNKhxEvdhRPD1uLCB2P/fruvwYbuVtHMKBFqGfKl7biB/I+8DG2rAphKk/Stkz2pXRu0BHvh5UoMZawr9imxKdRusQfr4c+sps5ko7xPprXWMrZ8K2ISY+4i7EYWqVis=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200506241724.18807@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200506241724.18807@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Kip Macy <kip.macy@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
There is currently no notion of capabilities. In 3.0 the default
communication path between xm and xend is now a unix domain socket so
by default only root can execute xm commands.

 -Kip

On 6/24/05, Bob Tanner <tanner@xxxxxxxxxxxxx> wrote:
> Playing around with xen-2.0.6 and I've found something troubling.
> 
> I've been creating domU's with 'xm create.' As a simple security check, I did
> a 'xm shutdown' as a normal user. Much to my surprise, that domU shutdown.
> 
> Does the default behavior of xen allow a non-root users to shutdown any domU?
> Even domU's that aren't created by the user issuing the 'xm shutdown'?
> 
> Thanks.
> --
> Bob Tanner <tanner@xxxxxxxxxxxxx>          | Phone : (952)943-8700
> http://www.real-time.com, Minnesota, Linux | Fax   : (952)943-8500
> Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
> 
> 
> 
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Patch - loader for plan9's a.out format., Kip Macy
Next by Date:  Re: [Xen-devel] [PATCH] 1 of 2: default ssid to 0, Anthony Liguori
Previous by Thread:  [Xen-devel] xm create as root vs xm destroy as normal user, Bob Tanner
Next by Thread:  Re: [Xen-devel] xm create as root vs xm destroy as normal user, Bob Tanner
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy