[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
On Fri, Mar 04, 2005 at 01:47:35PM -0600, Anthony Liguori wrote: > You can't stop local connections from non-root users but there's not a > whole lot of reason to have non-root users in domain-0 anyway. Fedora wants to adopt xen and I don't think they remove the VGA-card from domain 0. > BTW, Posix doesn't mandate that filesystem permissions are respected > with unix domain sockets. Linux currently does check the filesystem > permission bits when opening a unix domain socket. A few notable Unices > (I think BSD but I'm not sure) don't perform permission checks on domain > sockets. But for directories. > The proper way to do permission checking with domain sockets is using > SCM data. No, it is not. Bastian -- One does not thank logic. -- Sarek, "Journey to Babel", stardate 3842.4 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |