WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xend listening for TCP HTTP?

from [Anthony Liguori] [Permanent Link][Original]
To: Anthony Liguori <aliguori@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xend listening for TCP HTTP?
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Thu, 15 Dec 2005 16:16:02 -0600
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 15 Dec 2005 22:18:09 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <43A1EA68.7060908@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <43A1EA68.7060908@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051013)
Ok, I confirmed this, out of the box, accessing http://localhost:8000/xen/domain as a lesser-privileged user allows one to do very bad things. 

Regards,

Anthony Liguori

Anthony Liguori wrote:


Hi,
On IRC, it came up that recent snapshots of Xend are now listening for TCP HTTP connections again by default. Since it's still listening on a Unix socket and xm will always prefer that, xm still only functions as root.
However, less privileged users can still connect to the TCP port and through Xend gain root access. This seems like a pretty bad default configuration. I poked around on the TCP interface but couldn't seem to confirm this (does it only accept s-expression Content-Type now?). 

Thanks for any clarification on this.

Regards,

Anthony Liguori

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Xend listening for TCP HTTP?, Anthony Liguori
Next by Date:  [Xen-devel] [PATCH] make network-bridge work in more environments, Dave Virtual
Previous by Thread:  [Xen-devel] Xend listening for TCP HTTP?, Anthony Liguori
Next by Thread:  Re: [Xen-devel] Xend listening for TCP HTTP?, Nivedita Singhvi
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy