This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] xm create as root vs xm destroy as normal user

To: tanner@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] xm create as root vs xm destroy as normal user
From: Kip Macy <kip.macy@xxxxxxxxx>
Date: Sat, 25 Jun 2005 16:52:42 -0700
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 25 Jun 2005 23:51:39 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b4mziCZchst9zKJqzVFMSj1P+rTwwE91ZL0+QdOxXFvGNKhxEvdhRPD1uLCB2P/fruvwYbuVtHMKBFqGfKl7biB/I+8DG2rAphKk/Stkz2pXRu0BHvh5UoMZawr9imxKdRusQfr4c+sps5ko7xPprXWMrZ8K2ISY+4i7EYWqVis=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200506241724.18807@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200506241724.18807@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Kip Macy <kip.macy@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
There is currently no notion of capabilities. In 3.0 the default
communication path between xm and xend is now a unix domain socket so
by default only root can execute xm commands.


On 6/24/05, Bob Tanner <tanner@xxxxxxxxxxxxx> wrote:
> Playing around with xen-2.0.6 and I've found something troubling.
> I've been creating domU's with 'xm create.' As a simple security check, I did
> a 'xm shutdown' as a normal user. Much to my surprise, that domU shutdown.
> Does the default behavior of xen allow a non-root users to shutdown any domU?
> Even domU's that aren't created by the user issuing the 'xm shutdown'?
> Thanks.
> --
> Bob Tanner <tanner@xxxxxxxxxxxxx>          | Phone : (952)943-8700
> http://www.real-time.com, Minnesota, Linux | Fax   : (952)943-8500
> Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list