On 03/26/2011 09:38 PM, Giuseppe Iuculano wrote:
Under these conditions, there's no way something/someone malicious can
connect to DTC-Xen and do the kind of exploit described in this bug.
If someone wants to change the behavior of DTC-Xen and allow connections
and control from VPS *users*, then I would accept the patch. But that's
currently not the design (yet).
Please explain, Is there a mechanism that denies connections from VPS users?
Cheers,
Giuseppe.
VPS don't connect to DTC-Xen at all. They don't have credentials for it.
Users click on the DTC web interface (or someone scripts it), and DTC
connects to the DTC-Xen SOAP server to do what has been requested.
Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org