Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users

from [Kurt Garloff] [Permanent Link][Original]
To: Rik van Riel <riel@xxxxxxxxxx>
Subject: Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Sun, 13 Mar 2005 15:55:12 +0100
Cc: Tommi Virtanen <tv@xxxxxxxxxxxxx>, Bastian Blank <waldi@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 13 Mar 2005 14:55:59 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.61.0503061613160.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <Pine.LNX.4.58.0503041118010.13626@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1109962904.2746.12.camel@localhost> <4228B4D3.8020909@xxxxxxxxxxxxx> <1109965655.3355.8.camel@localhost> <20050304195646.GA31213@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0503051651070.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <422B1E47.9050502@xxxxxxxxxxxxx> <Pine.LNX.4.61.0503061613160.31720@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i 
Hi Rik,

On Sun, Mar 06, 2005 at 04:14:24PM -0500, Rik van Riel wrote:
> On Sun, 6 Mar 2005, Tommi Virtanen wrote:
> > That's not good design. I sincerely think access to any confidential
> > or security conscious part of xen should be limited, e.g. with a
> > unix domain socket located in a directory only readable by a certain
> > group.
> 
> Good point, then we could use filesystem permissions
> and/or selinux policy to restrict who gets access to
> xend.

Why not just require the other end of the socket to be below 1024?
If you bind to localhost, that should be enough.

xm would then use a privileged socket if it can (i.e. if called as 
root).

Using an selinux policy for this would be aiming cannons at sparrows
(german saying, in english that's breaking a fly on the wheel).

> > Note that if there are harmless xm commands (xm list and so on), they
> > could be allowed for all users in dom0.
> 
> This would require either access permission checks inside
> xend, or a separate socket for only unprivileged operations.

Then defer the client[1] port check to the command parser.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpgX4tEBtXHz.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] 2.0-testing: CONSOLE_PORT_BASE, Kurt Garloff
Next by Date:  RE: [Xen-devel] 2.0-testing: CONSOLE_PORT_BASE, Ian Pratt
Previous by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rik van Riel
Next by Thread:  Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users, Rik van Riel
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy