The xenbaked daemon and xenmon utility communicate via a mmap'ed shared file. Since this file is located in /tmp, unprivileged users can cause arbitrary files to be truncated by creating a symlink from the well-known /tmp filename to e.g., /etc/passwd.

The fix is to place the shared file in a directory to which only root should have access (in this case /var/run/).

This bug was reported, and the fix suggested, by Steve Kemp <skx@debian.org>. Thanks!

Signed-off-by: Keir Fraser <keir@xensource.com>
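The truncation-through-symlink problem described in the commit message above can also be guarded against at the open() call itself, in addition to moving the file out of /tmp. The following is an added example, not code from Xen or from the patch; the names open_shared_file and victim_size_after_attempt are hypothetical, and it assumes a Linux/POSIX.1-2008 system where O_NOFOLLOW is available.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open (or create) the mmap backing file of `size`
 * bytes without following a symlink planted at `path`.
 * Returns an fd, or -1 with whatever `path` points at left untouched. */
int open_shared_file(const char *path, off_t size)
{
    struct stat st;
    /* No O_TRUNC: the file is resized only after the checks below pass. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP when path is a symlink */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        ftruncate(fd, size) < 0) {
        close(fd);                      /* not our own regular file */
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink at the well-known name points at a
 * "victim" file. Returns the victim's size after the open attempt. */
long victim_size_after_attempt(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], link[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/shared", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("root:x:0:0\n", f); fclose(f);    /* 11 bytes of sample data */
    if (symlink(victim, link) < 0) return -1;
    int fd = open_shared_file(link, 4096);  /* expected to be refused */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) < 0) return -1;
    unlink(link); unlink(victim); rmdir(dir);
    return fd < 0 ? (long)st.st_size : -2;
}

int main(void) { return victim_size_after_attempt() == 11 ? 0 : 1; }
```

The fstat() checks on the opened descriptor cover the cases O_NOFOLLOW does not: a hard link to another file, or a pre-created file owned by a different user.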
Now fixed in:
xen-tools-3.0.4_p1-r2
xen-tools-3.1.0-r2
xen-tools-3.1.1-r1

Cheers,
Thx Michael for the quick response.
*** Bug 196898 has been marked as a duplicate of this bug. ***