WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: XCP: Insecure Distro ?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: XCP: Insecure Distro ?
From: riki <phobie@xxxxxxxx>
Date: Wed, 11 May 2011 00:05:08 +0200
Delivery-date: Tue, 10 May 2011 15:06:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <BLU150-w54F999B8E05ABF876E5033BD870@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <BAY0-MC3-F22ApDvb3C00235b60@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <BLU150-w54F999B8E05ABF876E5033BD870@xxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20110307 Icedove/3.0.11


On 05/10/2011 10:46 PM, A Cold Penguin wrote:

Sorry I wasn't completely clear.
The reason why the use of /etc/passwd vs /etc/shadow is
non-consequential is that XCP is a single user machine where all
access is via UID 0.
As such UNIX file permissions are effectively useless. For all intents
and purposes 700 = 777 if you are always root and everything is owned
by root yes?
....
Does this further clarify why changing to /etc/shadow would be of no
consequence?


No, if anything, it makes even less sense. If all the daemons are running as 
root, then the excuse that was put forward, that using shadow would stop the 
necessary daemons from being able to perform their synchronisation properly, is 
moot.
In the situation I am talking about here, root is often not used as a 
super-user. Although it would be understood that in the requirement of XCP this 
might be bypassed, the easy-access by keeping the password in a world-readable 
file would not be acceptable.

Is it possible to stop looking at the XCP as the unix-like distribution based on centos linux and start to look at it as a appliance. Are you guys evaluationg your microwave oven, fridge, NAS, set-top box and your smart TV?

r.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users