Dear All, I just do security harden on my server, can i change permission for file /usr/libexec/libvirt_proxy from -rwsr-xr-x to -rwxr-xr-x. Can this make problem with xen? what impact if i do this? Thank for any help. Regards, Heriyanto _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Niels Dettenbach (Syndicat IT&Internet)
2012-Dec-24 10:55 UTC
Re: Permission of /usr/libexec/libvirt_proxy
shell heriyanto <shell.heriyanto@gmail.com> schrieb:>I just do security harden on my server, >can i change permission for file /usr/libexec/libvirt_proxy >from -rwsr-xr-x to -rwxr-xr-x. Can this make problem with xen? what >impact >if i do this?not shure what do you mean with "harden" in your case and i''m not shure because i did not use libvirt_proxy usually, but i assume the set uid bit allows other users then root to access functions hardly bound to the root user within xen and os subsystem required by xen. As long as only root is using xen on your sys this should not be a problem. If other users then root want access to xen/libvirt (i.e. within a "xen" or "wheel" group) this change could avoid the usability of xen for them. cheers, Niels. -- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com
Hi Niels, thank you very much for replying. The idea is remove SUID/GUID. On Mon, Dec 24, 2012 at 5:55 PM, Niels Dettenbach (Syndicat IT&Internet) < nd@syndicat.com> wrote:> > > shell heriyanto <shell.heriyanto@gmail.com> schrieb: > >I just do security harden on my server, > >can i change permission for file /usr/libexec/libvirt_proxy > >from -rwsr-xr-x to -rwxr-xr-x. Can this make problem with xen? what > >impact > >if i do this? > > not shure what do you mean with "harden" in your case and > i''m not shure because i did not use libvirt_proxy usually, but i assume > the set uid bit allows other users then root to access functions hardly > bound to the root user within xen and os subsystem required by xen. > > As long as only root is using xen on your sys this should not be a > problem. If other users then root want access to xen/libvirt (i.e. within a > "xen" or "wheel" group) this change could avoid the usability of xen for > them. > > > cheers, > > > Niels. > -- > Niels Dettenbach > Syndicat IT&Internet > http://www.syndicat.com > >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users