[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
On Fri, Mar 04, 2005 at 01:47:35PM -0600, Anthony Liguori wrote:
> You can't stop local connections from non-root users but there's not a
> whole lot of reason to have non-root users in domain-0 anyway.
Fedora wants to adopt xen and I don't think they remove the VGA-card
from domain 0.
> BTW, Posix doesn't mandate that filesystem permissions are respected
> with unix domain sockets. Linux currently does check the filesystem
> permission bits when opening a unix domain socket. A few notable Unices
> (I think BSD but I'm not sure) don't perform permission checks on domain
> sockets.
But for directories.
> The proper way to do permission checking with domain sockets is using
> SCM data.
No, it is not.
Bastian
--
One does not thank logic.
-- Sarek, "Journey to Babel", stardate 3842.4
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
