On Tue, Dec 04, 2007 at 12:26:54PM +1100, K wrote:

> In build 75, I would disable Xend HTTP server which listens on all
> interfaces:
>
> svccfg -s xvm/xend setprop config/xend-http-server = boolean: false
> svcadm refresh xvm/xend
> svcadm restart xvm/xend
>
> I reported it on the xen discussion list and one of the xvm devs said
> it was a mistake and it will be corrected in subsequent builds.

This is now fixed indeed.

> Sun should find a way to improve the way it handles security bugs in
> the developer and community edition as more and more people are
> running Solaris Express in semi-production environments. For example,
> the pygrub security hole which would let a compromised domU execute
> arbitrary code in the dom0 domain as root was not patched in build 75,
> one month after the bug was publicized:
> http://www.opensolaris.org/jive/message.jspa?messageID=167967#167967

That bug was publicized /after/ the build closed. A fix was put back
something like 2 days after the bug was made known, but it takes time
for the actual DVDs to come out.

john