WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

[Xen-users] XCP: Insecure Distro ?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] XCP: Insecure Distro ?
From: Adrien Guillon <aj.guillon@xxxxxxxxx>
Date: Mon, 9 May 2011 16:41:33 -0400
Delivery-date: Mon, 09 May 2011 13:42:35 -0700
Hello mailing list!

I have been working with XCP a little bit, and I have the impression
that this distro is insecure.  First, it does not look like update
repositories are enabled inside /etc/yum.repos.d, although I'm from an
apt background so I may be misinterpreting that.  Where will my
security updates come from?

Next, it appears that the root password hash is directly stored inside
/etc/passwd, which is set to world-readable!  There does not appear to
be an /etc/shadow file at all.

Unfortunately, I am dropping the distro entirely due to security
concerns. I hope that these problems can be fixed.

AJ
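
The two observations in the message above can be checked on a host with a short audit script. This is an added example, not part of the original post and not XCP code. The function names and the sample data are constructed for illustration, and the repo check assumes yum's rule that a repo with no `enabled` key counts as enabled.

```python
import configparser
import os

def audit_passwd(passwd_text, shadow_exists):
    """Return (user, finding) pairs for passwd(5)-format text."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "x":  # hash is expected to live in the shadow file
            if not shadow_exists:
                findings.append((user, "shadow placeholder but no shadow file"))
        elif pw == "":
            findings.append((user, "empty password field"))
        elif not pw.startswith(("*", "!")):  # "*" / "!" mark locked accounts
            findings.append((user, "password hash in passwd"))
    return findings

def enabled_repos(repo_text):
    """Return the section names of enabled repos in yum .repo text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(repo_text)
    # yum treats a repo as enabled when the key is absent
    return [s for s in cp.sections()
            if cp.get(s, "enabled", fallback="1").strip() == "1"]

# Constructed sample data, not taken from a real XCP host.
SAMPLE_PASSWD = """\
root:$1$CONSTRUC$notARealHashJustAPlaceholder:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
"""
SAMPLE_REPO = """\
[constructed-base]
name=Constructed base repo
baseurl=http://mirror.example.invalid/os/
enabled=0
[constructed-updates]
name=Constructed updates repo
baseurl=http://mirror.example.invalid/updates/
"""

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for user, finding in audit_passwd(fh.read(), os.path.exists("/etc/shadow")):
            print(f"{user}: {finding}")
```

Run as a script, it audits the local `/etc/passwd`; `enabled_repos` can be fed the contents of each file under `/etc/yum.repos.d`.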
