weiming
[Xen-devel] Is it possible to access XenStore remotely?
Hi,

Is it possible to read/write the xenstore from another physical machine?

I know it uses a Unix socket. So it looks hard to access it remotely, isn't it?

Thanks,
Zephyr

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Vincent Hanquez
2009-Aug-20 09:24 UTC
Re: [Xen-devel] Is it possible to access XenStore remotely?
weiming wrote:
> Hi,
>
> Is it possible to read/write the xenstore from another physical machine?
>
> I know it uses a Unix socket. So it looks hard to access it remotely,
> isn't it?

Hi weiming,

whilst it's not possible at the moment and certainly a bad idea security wise, making xenstored listen on a TCP socket along with the Unix socket is very easy.

cheers,
--
Vincent
weiming
2009-Aug-20 14:00 UTC
Re: [Xen-devel] Is it possible to access XenStore remotely?
Hi Vincent,

Yes, I'm considering adding a TCP socket for xenstored.

Since Xen APIs can be called remotely, there's no reason to prevent accessing xenstore in the same way.

thanks,
Weiming
Ian Jackson
2009-Aug-21 16:41 UTC
Re: [Xen-devel] Is it possible to access XenStore remotely?
weiming writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> Yes, I'm considering adding a TCP socket for xenstored.

As Jean says, this is easy but probably unwise.

> Since xen apis can be called remotely, there's no reason to prevent
> accessing xenstore in the same way.

You will need to think about access control. I don't think we will be accepting any patches to implement the more complex access control which will be necessary, so you'll be maintaining a private branch.

Ian.
Tim Post
2009-Aug-24 13:03 UTC
Re: [Xen-devel] Is it possible to access XenStore remotely?
Hi,

On Thu, 2009-08-20 at 10:00 -0400, weiming wrote:
> Hi Vincent,
>
> Yes, I'm considering adding a TCP socket for xenstored.
>
> Since xen apis can be called remotely, there's no reason to prevent
> accessing xenstore in the same way.

We did this when working on an experiment to use Xen on a single system image. Our implementation utilized a private back-end LAN which was not exposed to dom-Us that faced the public, so no authentication mechanism was needed. We needed to set up remote watches to facilitate a sort of 'cluster-wide upstart for Xen'.

I would warn you, XenStore is fragile and often fickle; I've crashed it many times within a guest while working on split drivers for various character devices. If you expose it via sockets, without having the API as a buffer to take most 'brute force' abuse, be sure to code very defensively and utilize iptables to restrict access. While xend can be re-started, xenstored can not.

Yes, APIs can be called remotely; however, some diligence prevails before the API actually talks to xenstore.

Cheers,
--Tim

--
Monkey + Typewriter = Echoreply ( http://echoreply.us )
Ian Jackson
2009-Aug-24 16:05 UTC
[Xen-API] Re: [Xen-devel] Is it possible to access XenStore remotely?
Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> I would warn you, XenStore is fragile and often fickle, I've crashed it
> many times within a guest while working on split drivers for various
> character devices.

If xenstored can be crashed then we should fix it. Can you remember any of the things which caused it to fall over?

Ian.

_______________________________________________
xen-api mailing list
xen-api@lists.xensource.com
http://lists.xensource.com/mailman/listinfo/xen-api
Vincent Hanquez
2009-Aug-24 16:13 UTC
[Xen-API] Re: [Xen-devel] Is it possible to access XenStore remotely?
Ian Jackson wrote:
> Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
>> I would warn you, XenStore is fragile and often fickle, I've crashed it
>> many times within a guest while working on split drivers for various
>> character devices.
>
> If xenstored can be crashed then we should fix it. Can you remember
> any of the things which caused it to fall over?

Or we could just install the ocaml implementation by default. It has already proven to be a lot better security wise.

(It's still interesting to know what caused the crash, so we can probably add that to some kind of harness.)

--
Vincent
Tim Post
2009-Aug-25 06:38 UTC
Re: [Xen-devel] Is it possible to access XenStore remotely?
Ian,

On Mon, 2009-08-24 at 17:05 +0100, Ian Jackson wrote:
> Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> > I would warn you, XenStore is fragile and often fickle, I've crashed it
> > many times within a guest while working on split drivers for various
> > character devices.
>
> If xenstored can be crashed then we should fix it. Can you remember
> any of the things which caused it to fall over?

Mostly, it was runaway writers caught in a brain-dead loop. It was not difficult to DoS the store from within a guest, accidentally or deliberately.

I also remember using watches on a single key that changed frequently without using xs_read_watch(), since I already knew what fired; that caused a total crash of xenstored. I've also had xs_transaction_end() return -EAGAIN frequently on busy systems.

The ocaml version of xenstored is much more resilient to abuse, be it accidental or deliberate.

Cheers,
--Tim

--
Monkey + Typewriter = Echoreply ( http://echoreply.us )
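Two points in this thread are easier to see with the protocol in front of you: why Vincent calls a TCP listener "very easy" and Ian still wants access control first, and what Tim's -EAGAIN from xs_transaction_end() means for a client. Everything xenstored speaks over /var/run/xenstored/socket is a 16-byte header (type, req_id, tx_id, len) followed by a body of NUL-terminated strings, with nothing in it that identifies the caller; the daemon treats a socket peer as domain 0. The Python below is an added example, not Xen code and not anything posted in the thread. It frames and parses those messages, and runs a read-modify-write transaction with the EAGAIN retry loop against a constructed in-memory stand-in for the daemon, so it executes without a Xen host. The header layout and message-type numbers follow Xen's public xs_wire.h; the counter node path and the fake daemon's injected commit conflicts are assumptions made for the example.

```python
# Added example, not code from Xen or from anyone in this thread.  Header layout
# and message-type numbers follow Xen's public xs_wire.h; FakeXenstored is
# constructed here to stand in for the daemon so the file runs offline.
import struct

# struct xsd_sockmsg { uint32 type, req_id, tx_id, len } in host byte order (x86:
# little-endian), followed by len body bytes, mostly NUL-terminated strings.
HDR = struct.Struct("<IIII")
XS_READ, XS_TRANSACTION_START, XS_TRANSACTION_END, XS_WRITE, XS_ERROR = 2, 6, 7, 11, 16

def pack_msg(msg_type, body, req_id=0, tx_id=0):
    """Frame one request or reply: 16-byte header followed by the body."""
    return HDR.pack(msg_type, req_id, tx_id, len(body)) + body

def unpack_msg(buf):
    """First complete frame as (type, req_id, tx_id, body, remainder); None if buf is short."""
    if len(buf) >= HDR.size:
        msg_type, req_id, tx_id, length = HDR.unpack_from(buf)
        end = HDR.size + length
        if len(buf) >= end:  # a stream socket may deliver a message in pieces
            return msg_type, req_id, tx_id, buf[HDR.size:end], buf[end:]
    return None

def nul(*parts):
    """NUL-terminate each string, the way xenstore request bodies are built."""
    return b"".join(p.encode() + b"\0" for p in parts)

class XsError(Exception):
    pass  # str(e) is the errno name the daemon sent as the XS_ERROR body, e.g. EAGAIN

class FakeXenstored:
    """Constructed stand-in for xenstored: buffers each transaction's writes until commit
    and rejects the first `conflicts` commits with EAGAIN, as a busy real daemon does."""
    def __init__(self, conflicts=0):
        self.store, self.pending, self.next_tx, self.conflicts = {}, {}, 1, conflicts

    def handle(self, frame):
        msg_type, req_id, tx_id, body, _ = unpack_msg(frame)
        reply = lambda t, b: pack_msg(t, b, req_id, tx_id)
        if msg_type == XS_TRANSACTION_START:
            tid, self.next_tx = self.next_tx, self.next_tx + 1
            self.pending[tid] = {}
            return reply(XS_TRANSACTION_START, nul(str(tid)))
        if msg_type == XS_READ:
            value = {**self.store, **self.pending.get(tx_id, {})}.get(body.rstrip(b"\0").decode())
            if value is None:
                return reply(XS_ERROR, nul("ENOENT"))
            return reply(XS_READ, value)  # a read reply carries the raw value
        if msg_type == XS_WRITE:
            path, value = body.split(b"\0", 1)  # request body is path\0value
            (self.pending[tx_id] if tx_id else self.store)[path.decode()] = value
            return reply(XS_WRITE, nul("OK"))
        if msg_type == XS_TRANSACTION_END:
            writes, commit = self.pending.pop(tx_id, {}), body == nul("T")
            if commit and self.conflicts > 0:
                self.conflicts -= 1
                return reply(XS_ERROR, nul("EAGAIN"))  # buffered writes are dropped
            if commit:
                self.store.update(writes)
            return reply(XS_TRANSACTION_END, nul("OK"))
        return reply(XS_ERROR, nul("EINVAL"))

class Client:
    """Client over any transport with handle(frame) -> reply frame.  The header carries no
    caller identity: xenstored treats a Unix-socket peer as dom0, and a TCP listener wired
    in the same way would hand every network peer that same access."""
    def __init__(self, transport):
        self.transport, self.req_id = transport, 0

    def call(self, msg_type, body, tx_id=0):
        self.req_id += 1
        raw = self.transport.handle(pack_msg(msg_type, body, self.req_id, tx_id))
        rtype, _, _, rbody, _ = unpack_msg(raw)
        if rtype == XS_ERROR:
            raise XsError(rbody.rstrip(b"\0").decode())
        return rbody

    def transaction(self, fn, max_retries=5):
        """Run fn(client, tx_id) in a transaction, redoing the whole body in a fresh one
        when commit fails with EAGAIN (what xs_transaction_end() reports on busy systems)."""
        for attempt in range(1, max_retries + 1):
            tx_id = int(self.call(XS_TRANSACTION_START, nul("")).rstrip(b"\0"))
            fn(self, tx_id)
            try:
                self.call(XS_TRANSACTION_END, nul("T"), tx_id)
                return attempt  # number of attempts the commit took
            except XsError as e:
                if str(e) != "EAGAIN":
                    raise
        raise XsError("EAGAIN")

def increment_counter(conflicts):
    """Constructed scenario: bump a counter in a transaction against a daemon that
    rejects the first `conflicts` commits.  Returns (final value, attempts)."""
    daemon, path = FakeXenstored(conflicts), "/local/domain/0/counter"  # hypothetical node
    daemon.store[path] = b"41"
    def bump(c, tx_id):
        current = int(c.call(XS_READ, nul(path), tx_id))
        c.call(XS_WRITE, nul(path) + str(current + 1).encode(), tx_id)
    attempts = Client(daemon).transaction(bump)
    return int(daemon.store[path]), attempts
```

On a real host the same frames go over an AF_UNIX stream to /var/run/xenstored/socket; a transport wrapper would sendall() the request and recv() until unpack_msg() returns a frame. Two design points: the retry re-runs the whole transaction body rather than re-sending XS_TRANSACTION_END, because the daemon has already discarded the transaction when it answers EAGAIN; and the retry is bounded, so a client cannot turn a contended key into the kind of runaway writer loop Tim describes. Nothing in Client authenticates, which is the gap Ian's access-control remark points at: a TCP listener added alongside the Unix socket needs that layer before it is exposed, not after.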