|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] severe security issue on dom0/xend/xm/non-root users
Rumor has it that on Sun, Mar 13, 2005 at 10:51:22PM +0100 Kurt Garloff said: > Hi David, > > On Sun, Mar 13, 2005 at 09:39:01PM +0000, David Hopwood wrote: > > Kurt Garloff wrote: > > >Why not just require the other end of the socket to be below 1024? > > > > Please don't. The permission should be something that can be specifically > > granted to a user or group id, not that requires root. Requiring root > > tends to cause as many security problems as it solves. > > I disagree. > > Normally, you'd expect that only the sysadmin is able to control > virtual machines. This would be the result of this simple tweak. > Which sysadmin? Dom0 sysadmin may not be the same as a vm's sysadmin. You would not want a VM sysadmin to be able to manage someone else's VM, but he may want control over his own. Cheers, Phil -- Philip R. Auld, Ph.D. Egenera, Inc. Software Architect 165 Forest St. (508) 858-2628 Marlboro, MA 01752 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |